Skip to content
AIR Knowledge Base

Parse SRUM Application Timeline

Overview

Section titled “Overview”

Evidence: Parse SRUM Application Timeline
Description: Parse System Resource Usage Monitor (SRUM) Application Timeline data.
Category:
Platform: windows
Short Name: srumtimeparse
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): No

Data Collected

Section titled “Data Collected”

This collector gathers structured data about parse srum application timeline.

Parse SRUM Application Timeline Data

Section titled “Parse SRUM Application Timeline Data”
FieldDescriptionExample
AutoIncIdAuto-increment ID from SRUM database123
TimestampTimestamp2023-10-15 14:30:25
InFocusTimestampIn Focus Timestamp2023-10-15 14:30:25
UserInputTimestampUser Input Timestamp2023-10-15 14:30:25
InFocusSIn Focus S123
PSMForegroundSPSM Foreground S123
UserInputSUser Input SDOMAIN\User
InFocusTransitionsIn Focus Transitions123
AppNameApp NameExample Name
UserSidWindows SID in S-1-5-… format (from SRUM IdMapTable)S-1-5-21-…
UserNameResolved username via Windows API (LookupAccountSidW)Example Name