Windows RPC Schema
Note
Schema docs show the fields available for normalization. For a schema field to be populated in XDR, its corresponding field defined in the parser must exist in the original data. Normalized data shows in the Normalized Data tab of events and is searchable in XDR only if the corresponding field exists in the original data. The Schema Library in Advanced Search shows only searchable fields.
WinRPCInfo
| Field | Type | Parser Field | Description |
|---|---|---|---|
| interface_id | string | | RPC interface UUID for drsuapi methods |
| binding | string | | Binding identifier necessary to establish RPC communications |
| binding_pipe_name | string | | Contains a pipe name if present in the binding field |
| binding_address | string | | Contains an IP address if present in the binding field |
| binding_port | uint64 | | Contains a port if present in the binding field |
| target | string | | Contains an identifier for the RPC target |
| target_address | string | | Contains an IP address if present in the target field |
| target_port | uint64 | | Contains a port if present in the target field |
| target_pipe_name | string | | Contains a pipe name if present in the target field |
| procedure_name | string | | Specific RPC procedure name being invoked |