title: DN_0038_400_windows_powershell_engine_lifecycle
description: >
  TODO
loggingpolicy: 
  - TODO
references:
  - https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/powershell/events/event-400.md
category: OS Logs
platform: Windows
type: Applications and Services Logs
channel: Windows PowerShell
provider: PowerShell
fields:
  - EventID
  - Computer
  - Hostname # redundant
sample: |
  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
        <Provider Name="PowerShell" /> 
        <EventID Qualifiers="0">400</EventID> 
        <Level>4</Level> 
        <Task>4</Task> 
        <Keywords>0x80000000000000</Keywords> 
        <TimeCreated SystemTime="2019-02-05T15:13:04.885878700Z" /> 
        <EventRecordID>50575</EventRecordID> 
        <Channel>Windows PowerShell</Channel> 
        <Computer>atc-win-10.atc.local</Computer> 
        <Security /> 
      </System>
    - <EventData>
        <Data>Available</Data> 
        <Data>None</Data> 
        <Data>NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=Windows PowerShell ISE Host HostVersion=5.1.17134.407 HostId=9478b487-c2ea-4aa8-8eb3-9b7bad25b39f HostApplication=C:\windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe EngineVersion=5.1.17134.407 RunspaceId=9f89fa00-ca26-402e-9dea-29c6d2447f7b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=</Data> 
      </EventData>
    </Event>