How to detect USB device in DNIF?


Hi Team,
Is it possible for DNIF to detect a USB device if a user inserts a USB device into the monitored device? Thanks.


Hi @Will!!
I think the information on USB connect or disconnect can be seen in the Windows Event logs … could you try enabling the Application and Services Logs > Microsoft > Windows > DriverFrameworks-UserMode > Operational service?

These records will consist of the following Event IDs:

  • 2003
  • 2004
  • 2006
  • 2010
  • 2100
  • 2101
  • 2105
  • 2106

Hope you are using Windows :smiley: For Linux platforms, syslog data should populate USB events too…
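
The check suggested in the reply above, as an added example that is not part of the original posts: it enables the DriverFrameworks-UserMode Operational channel if it is off and lists recent events with the Event IDs named in the reply. The 24-hour look-back window and the output columns are assumptions; run it from an elevated PowerShell session on the monitored Windows host.

```powershell
# Added example, not from the thread. Requires an elevated session.
$LogName  = 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'
$EventIds = 2003, 2004, 2006, 2010, 2100, 2101, 2105, 2106   # IDs listed in the reply
$Since    = (Get-Date).AddDays(-1)                            # assumed look-back window

# Enable the channel if it is not already collecting events.
$cfg = Get-WinEvent -ListLog $LogName -ErrorAction Stop
if (-not $cfg.IsEnabled) {
    wevtutil.exe sl $LogName /e:true
    if ($LASTEXITCODE -ne 0) {
        throw "Could not enable $LogName (is the session elevated?)."
    }
}

# Get-WinEvent raises an error when nothing matches, so treat that as an empty result.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $LogName
    Id        = $EventIds
    StartTime = $Since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No matching events in $LogName since $Since."
} else {
    # Oldest first; keep only the first line of each message for a compact view.
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, MachineName,
            @{ Name = 'UserSid'; Expression = { $_.UserId } },
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}
```

Events written before the channel was enabled are not available, so a fresh USB insertion is needed to confirm that records appear.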


@Siddhant Ahhh, I was indeed looking for the solution in Windows, lucky guess for you :sweat_smile: Thanks for the info, will indeed try this one out. Hope it works.