I was just investigating why task scheduler tasks triggered by events stopped working months ago and found that, in WIndows 10, 2097 is the event for Added Rule (used to be 2004) and 2099 is the event for Modified Rule (used to be 2005), while Delete Rule remains 2006. This thread is the only thing that came up when I Googled this, so it appears undocumented by Microsoft and adding this in case it helps anyone who does likewise.
Microsoft-Windows-Windows Firewall With Advanced Security/Firewall Event ID 2071 & 2097
Marcin Górski
5
Reputation points
Hello,
In the Azure Sentinel Events table, I'm seeing event IDs 2071 and 2097 from Microsoft-Windows-Windows Firewall With Advanced Security/Firewall but I can't find any information about them in the official documentation.
Event ID 2071 occurs on Windows 11, and Event ID 2097 occurs on Windows 10 workstations.
Can you provide detailed information about those event IDs or direct me to find detailed information in the documentation?
Br