TA_ETW
TA_ETW copied to clipboard
vector-sec
System.FormatException
Hello,
how can we verify what event caused below exception?
02-13-2021 15:09:54.642 -0600 FATAL ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\etc\apps\blablabin\TA_ETW.exe"" Exception during streaming: name=TA_ETW://TA_ETW_DNS | System.FormatException: Input string was not in a correct format. | at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) | at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) | at CallSite.Target(Closure , CallSite , Type , Object ) | at TA_ETW.TA_ETW.ProcessEventRecord(EtwTrace etwtrace, IEventRecord r) | at TA_ETW.TA_ETW.<>c__DisplayClass4_1.<StreamEventsAsync>b__0(IEventRecord r) | at Microsoft.O365.Security.ETW.EventFilter.EventNotification(_EVENT_RECORD* A_0) | at std._Func_impl_no_alloc<void (__cdecl*)(_EVENT_RECORD const &),void,_EVENT_RECORD const &>._Do_call(_Func_impl_no_alloc<void (__cdecl*)(_EVENT_RECORD const &),void,_EVENT_RECORD const &>* , _EVENT_RECORD* <_Args_0>) | at std._Func_class<void,_EVENT_RECORD const &>.()(_Func_class<void,_EVENT_RECORD const &>* , _EVENT_RECORD* <_Args_0>) | at krabs.event_filter.on_event(event_filter* , _EVENT_RECORD* record) | at krabs.details.base_provider
