Getting SIEM alert for Office Online Server from SIEM security

AVIJIT DAS 31 Reputation points
2022-11-01T06:03:39.233+00:00

We are getting this unusual alert for Office Online Server. Can anyone explain what this is?

“c:\windows\system32\inetsrv\w3wp.exe -ap "FarmStateManager" -v "v4.0" -l "webengine4.dll" -a \.\pipe\iisipm48af5fd7-b31e-445b-aa7d-2a5d7830c3e0 -h "C:\inetpub\temp\apppools\FarmStateManager\FarmStateManager.config" -w "" -m 0 -t 20 -ta 0”

Windows Server Security
Windows Server PowerShell

1 answer

  1. Rich Matheisen 45,431 Reputation points
    2022-11-01T18:51:43.027+00:00

    SIEM is a reporting system.

    W3wp.exe runs an IIS APP Pool (in this case, one named "FarmStateManager").

    If the alert doesn't say what the problem was (or is) I don't think anyone's going to be able to help you.

    I'll echo the answer from @Kael Yao-MSFT, though. Your problem has nothing to do with PowerShell. You should remove that windows-server-powershell tag. I think a more appropriate one would contain IIS -- but without an error message, that alert is pretty worthless.

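
An added example, not part of the original thread and not Microsoft tooling: a small Python triage helper that parses the w3wp.exe command line from the alert, extracts the app pool name the answer points to, and checks that the line is internally consistent. The three checks are assumptions derived only from the shape of the command line quoted in the question, and the `ODD` input is constructed for contrast.

```python
import re

# Command line as quoted in the question (pipe name kept exactly as posted).
SAMPLE = (r'c:\windows\system32\inetsrv\w3wp.exe -ap "FarmStateManager" -v "v4.0" '
          r'-l "webengine4.dll" -a \.\pipe\iisipm48af5fd7-b31e-445b-aa7d-2a5d7830c3e0 '
          r'-h "C:\inetpub\temp\apppools\FarmStateManager\FarmStateManager.config" '
          r'-w "" -m 0 -t 20 -ta 0')

# Constructed contrast case: same switches, but image, pipe and config do not line up.
ODD = (r'C:\Users\Public\w3wp.exe -ap "FarmStateManager" '
       r'-a \.\pipe\example -h "C:\Temp\other.config"')


def parse_w3wp(cmdline):
    """Return (image_path, {switch: value}) for a w3wp.exe command line."""
    # A token is a double-quoted string (possibly empty) or a run of non-spaces.
    tokens = re.findall(r'"[^"]*"|\S+', cmdline.strip("“” \t"))
    if not tokens:
        return "", {}
    image, args, i = tokens[0].strip('"'), {}, 1
    while i < len(tokens):
        switch = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if switch.startswith("-") and nxt is not None and not nxt.startswith("-"):
            args[switch] = nxt.strip('"')
            i += 2
        else:
            if switch.startswith("-"):
                args[switch] = ""  # switch given without a value
            i += 1
    return image, args


def triage(cmdline):
    """Return (app_pool_name, findings); an empty findings list means consistent."""
    image, args = parse_w3wp(cmdline)
    pool, findings = args.get("-ap", ""), []
    # Assumption: the worker image lives where the quoted alert shows it.
    if not image.lower().endswith("\\windows\\system32\\inetsrv\\w3wp.exe"):
        findings.append("image path is not system32\\inetsrv\\w3wp.exe")
    # Assumption: -h points at apppools\<pool>\<pool>.config, as in the alert.
    expected = ("\\apppools\\" + pool + "\\" + pool + ".config").lower()
    if not pool or not args.get("-h", "").lower().endswith(expected):
        findings.append("-h config path does not match the -ap pool name")
    # Assumption: the -a pipe name starts with iisipm, as in the alert.
    if "\\pipe\\iisipm" not in args.get("-a", "").lower():
        findings.append("-a pipe name does not look like an iisipm pipe")
    return pool, findings
```

For the line in the question, `triage(SAMPLE)` returns the pool name `FarmStateManager` with no findings, which tells you what process the alert describes but not which rule fired; that still has to come from the SIEM alert itself.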