{"id":3586,"date":"2023-10-12T02:01:38","date_gmt":"2023-10-11T17:01:38","guid":{"rendered":"https:\/\/m365jp.xyz\/?p=3586"},"modified":"2023-10-12T02:16:16","modified_gmt":"2023-10-11T17:16:16","slug":"mc680761-new-security-capabilities-of-event-tracing-for-windows","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2023-10-12-mc680761-new-security-capabilities-of-event-tracing-for-windows","title":{"rendered":"MC680761 | New security capabilities of Event Tracing for Windows"},"content":{"rendered":"
\n
\n
\n\n\n\n
MC680761 | New security capabilities of Event Tracing for Windows<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n\n\n\n\n\n\n\n\n
Classification<\/th>\nstayInformed<\/td>\n<\/tr>\n
Last Updated<\/th>\n10\/11\/2023 16:58:30<\/td>\n<\/tr>\n
Start Time<\/th>\n10\/11\/2023 16:58:29<\/td>\n<\/tr>\n
End Time<\/th>\n10\/11\/2024 16:58:29<\/td>\n<\/tr>\n
Message Content<\/th>\n\n
Whether you\u2019re in cybersecurity, IT, performance, or software development, improved resources can help you diagnose cybersecurity threats. While you could previously use Event Tracing for Windows for limited audit functions, nine events have recently been improved for better insight. Specifically, several security-related events now show Process ID and Process Start Key in the event schema, allowing you to confirm the causal process of these events. We\u2019ve also increased the event version as events are updated over time, following the application compatibility policy.  <\/div>\n
 <\/div>\n
When will this happen:<\/b> <\/div>\n
These improvements are already available on all Windows versions. <\/div>\n
 <\/div>\n
How this will affect your organization:<\/b> <\/div>\n
Organizations can better leverage Windows Event Viewer for security diagnostics and auditing. Before now, Event Tracing for Windows logs listed some events and processes affecting a device with a generic message of “The system\/kernel logged this event.” As such, some events might have appeared as if they were caused by a different action. Today, the initiating process is added to the payload part of the following events in form of Process ID and Process Start Key: <\/div>\n
 <\/div>\n
Machine Translation<\/th>\n\n
\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3001IT\u3001\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u3001\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u958b\u767a\u306e\u3044\u305a\u308c\u3067\u3042\u3063\u3066\u3082\u3001\u30ea\u30bd\u30fc\u30b9\u306e\u6539\u5584\u306f\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u8105\u5a01\u306e\u8a3a\u65ad\u306b\u5f79\u7acb\u3061\u307e\u3059\u3002\u4ee5\u524d\u306f\u3001Windows \u30a4\u30d9\u30f3\u30c8 \u30c8\u30ec\u30fc\u30b7\u30f3\u30b0\u3092\u4f7f\u7528\u3057\u3066\u76e3\u67fb\u6a5f\u80fd\u3092\u5236\u9650\u3067\u304d\u307e\u3057\u305f\u304c\u3001\u6700\u8fd1\u30019 \u3064\u306e\u30a4\u30d9\u30f3\u30c8\u304c\u6539\u5584\u3055\u308c\u3001\u5206\u6790\u60c5\u5831\u304c\u5411\u4e0a\u3057\u307e\u3057\u305f\u3002\u5177\u4f53\u7684\u306b\u306f\u3001\u3044\u304f\u3064\u304b\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u95a2\u9023\u30a4\u30d9\u30f3\u30c8\u3067\u3001\u30a4\u30d9\u30f3\u30c8 \u30b9\u30ad\u30fc\u30de\u306b\u30d7\u30ed\u30bb\u30b9 ID \u3068\u30d7\u30ed\u30bb\u30b9\u958b\u59cb\u30ad\u30fc\u304c\u8868\u793a\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u308a\u3001\u3053\u308c\u3089\u306e\u30a4\u30d9\u30f3\u30c8\u306e\u539f\u56e0\u30d7\u30ed\u30bb\u30b9\u3092\u78ba\u8a8d\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u307e\u305f\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u4e92\u63db\u6027\u30dd\u30ea\u30b7\u30fc\u306b\u5f93\u3063\u3066\u3001\u30a4\u30d9\u30f3\u30c8\u304c\u6642\u9593\u306e\u7d4c\u904e\u3068\u5171\u306b\u66f4\u65b0\u3055\u308c\u308b\u305f\u3081\u3001\u30a4\u30d9\u30f3\u30c8 \u30d0\u30fc\u30b8\u30e7\u30f3\u3082\u5897\u52a0\u3057\u307e\u3057\u305f\u3002  <\/div>\n
 <\/div>\n
\u3053\u308c\u306f\u3044\u3064\u8d77\u3053\u308a\u307e\u3059\u304b:<\/b> <\/div>\n
\u3053\u308c\u3089\u306e\u6a5f\u80fd\u5f37\u5316\u306f\u3001\u3059\u3079\u3066\u306e Windows \u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u65e2\u306b\u5229\u7528\u53ef\u80fd\u3067\u3059\u3002 <\/div>\n
 <\/div>\n
\u3053\u308c\u304c\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff:<\/b> <\/div>\n
\u7d44\u7e54\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a3a\u65ad\u3068\u76e3\u67fb\u306e\u305f\u3081\u306b Windows \u30a4\u30d9\u30f3\u30c8 \u30d3\u30e5\u30fc\u30a2\u30fc\u3092\u3088\u308a\u6709\u52b9\u306b\u6d3b\u7528\u3067\u304d\u307e\u3059\u3002\u3053\u308c\u307e\u3067\u3001Windows \u30a4\u30d9\u30f3\u30c8 \u30c8\u30ec\u30fc\u30b7\u30f3\u30b0\u306e\u30ed\u30b0\u306b\u306f\u3001\u30c7\u30d0\u30a4\u30b9\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u3044\u304f\u3064\u304b\u306e\u30a4\u30d9\u30f3\u30c8\u3068\u30d7\u30ed\u30bb\u30b9\u304c\u3001”\u30b7\u30b9\u30c6\u30e0\/\u30ab\u30fc\u30cd\u30eb\u304c\u3053\u306e\u30a4\u30d9\u30f3\u30c8\u3092\u30ed\u30b0\u306b\u8a18\u9332\u3057\u307e\u3057\u305f” \u3068\u3044\u3046\u4e00\u822c\u7684\u306a\u30e1\u30c3\u30bb\u30fc\u30b8\u3068\u5171\u306b\u4e00\u89a7\u8868\u793a\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u305d\u306e\u305f\u3081\u3001\u4e00\u90e8\u306e\u30a4\u30d9\u30f3\u30c8\u306f\u3001\u5225\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u306b\u3088\u3063\u3066\u5f15\u304d\u8d77\u3053\u3055\u308c\u305f\u304b\u306e\u3088\u3046\u306b\u8868\u793a\u3055\u308c\u308b\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002\u73fe\u5728\u3001\u958b\u59cb\u30d7\u30ed\u30bb\u30b9\u306f\u3001\u30d7\u30ed\u30bb\u30b9 ID \u3068\u30d7\u30ed\u30bb\u30b9\u958b\u59cb\u30ad\u30fc\u306e\u5f62\u5f0f\u3067\u6b21\u306e\u30a4\u30d9\u30f3\u30c8\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u90e8\u5206\u306b\u8ffd\u52a0\u3055\u308c\u307e\u3059\u3002 <\/div>\n
 <\/div>\n