Automatically generated based on tag:
Title | Type | Summary | Location |
---|---|---|---|
ETW - PowerShell remoting - Source host | Page | Source host initiating a PowerShell remoting / WinRM access. Main events: Channel: Microsoft-Windows-Windows Remote Management/Operational. Event ID 6: "Creating WSMan Session. The connection string is: <REMOTE_HOST>/wsman?PSVersion=XXX". |
Channel: Microsoft-Windows-Windows Remote Management/Operational. Events: 2, 4, 6, 8, 12, 15, 16, 30, 31, 33, 80, 162, 166. |
View on GitHub