Hi Pong,
The events for this sourcetype come from the win_listening_ports.bat script that is included in the Windows TA. The script is disabled in the TA's default inputs.conf. It can be enabled by creating an inputs.conf file in the local directory of the TA with:
[script://.\bin\win_listening_ports.bat]
disabled=0
Cheers,
Jon