Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Operation type for event 5058 {Solution}

Hons
Engager
‎10-14-2022 06:35 AM

Hello everyone,

Have you ever wondered why microsoft does not documented Operation types with Unicode + meaning?

You don´t need to anymore.

I have made the needed research (anyone can do) and here are the results:

%%2458 = Read

%%2459 = Write

%%2457 = Delete

 

 

 

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

mrthom
Engager
‎10-14-2022 07:36 AM

 have found it 😄 it is non-sense string stored in system32/msobjs.dll and some snapshot can be seen there

https://gist.github.com/brianreitz/d5b9397a2e8b3d52ceb9359897e07c3f

%%2456 : Open key file.
%%2457 : Delete key file.
%%2458 : Read persisted key from file.
%%2459 : Write persisted key to file.

View solution in original post

Reply
Solved! Jump to solution
Solution

mrthom
Engager
‎10-14-2022 07:36 AM

 have found it 😄 it is non-sense string stored in system32/msobjs.dll and some snapshot can be seen there

https://gist.github.com/brianreitz/d5b9397a2e8b3d52ceb9359897e07c3f

%%2456 : Open key file.
%%2457 : Delete key file.
%%2458 : Read persisted key from file.
%%2459 : Write persisted key to file.

Reply
Solved! Jump to solution

Hons
Engager
‎10-14-2022 08:29 AM

Thanks @mrthom.

Your version is absolutely precise 😉

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...