2026-02-20
InfoGuard Labs
Uncategorized
Velociraptor
/
ETW
/
KernelNetwork

Windows.ETW.KernelNetwork

https://github.com/Velocidex/velociraptor/blob/master/artifacts/definitions/Windows/ETW/KernelNetwork.yaml

Added regex filters for source and destination IPs and ports in `Windows.ETW.KernelNetwork` to make live network event filtering more targeted.

Notes#

The update added DaddrRegex, SaddrRegex, DportRegex, and SportRegex parameters to Windows.ETW.KernelNetwork, allowing the artifact to filter ETW network events by source and destination IP addresses and ports.

© 2026 InfoGuard AG. All Rights Reserved. / Jobs / Got hacked? / RSS / Sitemap