Parse SRUM Application Usage
Overview
Evidence: Parse SRUM Application Usage
Description: Parse System Resource Usage Monitor (SRUM) Application Resource Usage data.
Category:
Platform: windows
Short Name: srumappparse
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): No
Data Collected
This collector gathers structured data about SRUM application usage.
Parse SRUM Application Usage Data
| Field | Description | Example |
|---|---|---|
| AutoIncId | Auto-increment ID from SRUM database | 123 |
| Timestamp | Timestamp | 2023-10-15 14:30:25 |
| ApplicationName | Application Name | Example Name |
| UserSid | Windows SID in S-1-5-… format (from SRUM IdMapTable) | S-1-5-21-… |
| UserName | Resolved username via Windows API (LookupAccountSidW) | Example Name |
| ForegroundCycleTime | Foreground Cycle Time | 2023-10-15 14:30:25 |
| BackgroundCycleTime | Background Cycle Time | 2023-10-15 14:30:25 |
| Facetime | Facetime | 2023-10-15 14:30:25 |
| ForegroundContextSwitches | Foreground Context Switches | 123 |
| BackgroundContextSwitches | Background Context Switches | 123 |
| ForegroundBytesRead | Foreground Bytes Read | 1024 |
| ForegroundBytesWritten | Foreground Bytes Written | 1024 |
| ForegroundNumReadOperations | Foreground Num Read Operations | 123 |
| ForegroundNumWriteOperations | Foreground Num Write Operations | 123 |
| ForegroundNumberOfFlushes | Foreground Number Of Flushes | 123 |
| BackgroundBytesRead | Background Bytes Read | 1024 |
| BackgroundBytesWritten | Background Bytes Written | 1024 |
| BackgroundNumReadOperations | Background Num Read Operations | 123 |
| BackgroundNumWriteOperations | Background Num Write Operations | 123 |
| BackgroundNumberOfFlushes | Background Number Of Flushes | 123 |