Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Operation type for event 5058 {Solution}

Hons
Engager
‎10-14-2022 06:35 AM

Hello everyone,

Have you ever wondered why microsoft does not documented Operation types with Unicode + meaning?

You don´t need to anymore.

I have made the needed research (anyone can do) and here are the results:

%%2458 = Read

%%2459 = Write

%%2457 = Delete

 

 

 

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

mrthom
Engager
‎10-14-2022 07:36 AM

 have found it 😄 it is non-sense string stored in system32/msobjs.dll and some snapshot can be seen there

https://gist.github.com/brianreitz/d5b9397a2e8b3d52ceb9359897e07c3f

%%2456 : Open key file.
%%2457 : Delete key file.
%%2458 : Read persisted key from file.
%%2459 : Write persisted key to file.

View solution in original post

Reply
Solved! Jump to solution
Solution

mrthom
Engager
‎10-14-2022 07:36 AM

 have found it 😄 it is non-sense string stored in system32/msobjs.dll and some snapshot can be seen there

https://gist.github.com/brianreitz/d5b9397a2e8b3d52ceb9359897e07c3f

%%2456 : Open key file.
%%2457 : Delete key file.
%%2458 : Read persisted key from file.
%%2459 : Write persisted key to file.

Reply
Solved! Jump to solution

Hons
Engager
‎10-14-2022 08:29 AM

Thanks @mrthom.

Your version is absolutely precise 😉

Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...