Windows Application Crashes

Application crashes may warrant investigation to determine if the crash is malicious or benign. Categories of crashes include Blue Screen of Death (BSOD), Windows Error Reporting (WER), Application Crash and Application Hang events. If the organization is actively using the Microsoft Enhanced Mitigation Experience Toolkit (EMET), then EMET logs can also be collected.

SIEM Events

App Crash

Application Crashed: Event Source - Application Error - Event Log - Application

App Hang

Event Source - Application Hang - Event Log - Application

BSOD

Event Source - Microsoft-Windows-WER-SystemErrorReporting - Event Log - System
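
The three event source and event log pairs listed above can be pulled from a Windows host with Get-WinEvent for triage. This is an added example, not part of the original page; the 7-day lookback, the Category labels and the Summary column are assumptions chosen for illustration.

```powershell
# Added example: collect the crash-related events named on this page
# from the local host. Lookback window and column names are assumptions.
$since = (Get-Date).AddDays(-7)

# Event source / event log pairs as listed on this page.
$sources = @(
    @{ Category = 'App Crash'; LogName = 'Application'; ProviderName = 'Application Error' }
    @{ Category = 'App Hang';  LogName = 'Application'; ProviderName = 'Application Hang' }
    @{ Category = 'BSOD';      LogName = 'System';      ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting' }
)

$events = foreach ($s in $sources) {
    $filter = @{
        LogName      = $s.LogName
        ProviderName = $s.ProviderName
        StartTime    = $since
    }

    # Get-WinEvent raises an error when no event matches the filter;
    # suppress it so an empty category does not stop the collection.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object @{ Name = 'Category'; Expression = { $s.Category } },
                      TimeCreated, MachineName, ProviderName, LogName, Id,
                      # First line of the rendered message: usually the faulting
                      # application or the bugcheck summary.
                      @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Chronological view across all three categories.
$events | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

Reading the System log may require an elevated session depending on host policy.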

Last modified March 30, 2021