# Parse SRUM Network Usage

## Overview

**Evidence:** Parse SRUM Network Usage\
**Description:** Parse System Resource Usage Monitor (SRUM) Network Data Usage.\
**Category:**\
**Platform:** windows\
**Short Name:** srumnetparse\
**Is Parsed:** No\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Data Collected

This collector gathers structured data about parse srum network usage.

### Parse SRUM Network Usage Data

| Field             | Description                                            | Example             |
| ----------------- | ------------------------------------------------------ | ------------------- |
| `AutoIncId`       | Auto-increment ID from SRUM database                   | 123                 |
| `Timestamp`       | Timestamp                                              | 2023-10-15 14:30:25 |
| `ApplicationName` | Application Name                                       | Example Name        |
| `UserSid`         | Windows SID in S-1-5-... format (from SRUM IdMapTable) | S-1-5-21-...        |
| `UserName`        | Resolved username via Windows API (LookupAccountSidW)  | Example Name        |
| `InterfaceLuid`   | LUID identifier                                        | 123                 |
| `L2ProfileId`     | L2 Profile Id                                          | 123                 |
| `L2ProfileFlags`  | L2 Profile Flags                                       | 123                 |
| `BytesSent`       | Bytes Sent                                             | 1024                |
| `BytesRecvd`      | Bytes Recvd                                            | 1024                |