
EVID 4985 : Transaction State Changed

Event Details

| Field | Value |
| --- | --- |
| Event Type | Transaction State Changed |
| Event Description | 4985 : The state of a transaction has changed. |
| Event ID | 4985 |
| Vendor Documentation | https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4985 |

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
| --- | --- | --- |
| Provider | N/A | N/A |
| EventID | <vmid> | <vmid> |
| Version | N/A | N/A |
| Level | <severity> | <severity> |
| Task | <vendorinfo> | <vendorinfo> |
| Audit | <tag1> | N/A |
| computer | <dname> | N/A |
| Opcode | N/A | N/A |
| Keywords | N/A | <result> |
| TimeCreated | N/A | N/A |
| EventRecordID | N/A | N/A |
| Correlation | N/A | N/A |
| Execution | N/A | N/A |
| Channel | N/A | N/A |
| Computer | N/A | <dname> |
| SubjectUserSid | N/A | N/A |
| SubjectUserName | <login> | <login> |
| SubjectDomainName | <domain> | <domainorign> |
| SubjectLogonId | <session> | <session> |
| objectname | <objectname> | N/A |
| ObjectValueName | <object> | N/A |
| ObjectType | <object> | N/A |
| handleid | <object> | N/A |
| operationtype | <tag2> | N/A |
| AccessList | <command> <tag2> | N/A |
| Accessmask | <status> | N/A |
| TransactionId | N/A | N/A |
| NewState | N/A | <object> |
| ResourceManager | N/A | N/A |
| ProcessId | N/A | <processid> |
| ProcessName | N/A | <process> |

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- | --- |
| 1007793 | Object Access | Base Rule | Group Membership Information | Information |
| | EVID 4985 : State Of Transaction Changed | Sub Rule | Transaction State Change | Network Traffic |

LogRhythm Default v2.0

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- | --- |
| 1012328 | V 2.0 : EVID 4985 : Transaction State Changed | Base Rule | General Transaction Information | Information |