Parse SRUM Network Usage
Overview
Evidence: Parse SRUM Network Usage
Description: Parse System Resource Usage Monitor (SRUM) Network Data Usage.
Category:
Platform: windows
Short Name: srumnetparse
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): No
Data Collected
This collector gathers structured data about SRUM network usage.
Parse SRUM Network Usage Data
| Field | Description | Example |
|---|---|---|
| AutoIncId | Auto-increment ID from SRUM database | 123 |
| Timestamp | Timestamp | 2023-10-15 14:30:25 |
| ApplicationName | Application Name | Example Name |
| UserSid | Windows SID in S-1-5-… format (from SRUM IdMapTable) | S-1-5-21-… |
| UserName | Resolved username via Windows API (LookupAccountSidW) | Example Name |
| InterfaceLuid | LUID identifier | 123 |
| L2ProfileId | L2 Profile Id | 123 |
| L2ProfileFlags | L2 Profile Flags | 123 |
| BytesSent | Bytes Sent | 1024 |
| BytesRecvd | Bytes Recvd | 1024 |