Parse SRUM Application Timeline

Overview

Evidence: Parse SRUM Application Timeline
Description: Parse System Resource Usage Monitor (SRUM) Application Timeline data.
Category:
Platform: windows
Short Name: srumtimeparse
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): No

Data Collected

This collector gathers structured data from the parsed SRUM Application Timeline.

Parse SRUM Application Timeline Data

| Field | Description | Example |
| --- | --- | --- |
| AutoIncId | Auto-increment ID from SRUM database | 123 |
| Timestamp | Timestamp | 2023-10-15 14:30:25 |
| InFocusTimestamp | In Focus Timestamp | 2023-10-15 14:30:25 |
| UserInputTimestamp | User Input Timestamp | 2023-10-15 14:30:25 |
| InFocusS | In Focus S | 123 |
| PSMForegroundS | PSM Foreground S | 123 |
| UserInputS | User Input S | DOMAIN\User |
| InFocusTransitions | In Focus Transitions | 123 |
| AppName | App Name | Example Name |
| UserSid | Windows SID in S-1-5-... format (from SRUM IdMapTable) | S-1-5-21-... |
| UserName | Resolved username via Windows API (LookupAccountSidW) | Example Name |
