サポートと今すぐチャット
サポートとのチャット

Change Auditor for Logon Activity 7.1.1 - Event Reference Guide

Domain Controller Authentication

Kerberos user ticket that exceeds the maximum ticket lifetime detected

A Kerberos user ticket can be used to verify your identity and gain access to specific resources or services in your domain. A golden ticket is a forged Kerberos ticket.

An attack using a golden ticket is extremely dangerous due to the forged identity, elevated access it allows, and because it can be reused over its lifetime (10 years by default).

This event is created when the Kerberos Ticket Lifetime value in agent configuration is exceeded indicating a possible golden ticket attack.

High

User authenticated through Kerberos

Created when a user successfully authenticated to a domain controller using Kerberos authentication. (Disabled by default)

Medium

User failed to authenticate through Kerberos

Created when a user failed to authenticate to a domain controller using Kerberos authentication.

Medium

User authenticated through NTLM

Created when a user successfully authenticated to a domain controller using NTLM authentication. (Disabled by default)

Low

User failed to authenticate through NTLM

Created when a user failed to authenticate to a domain controller using NTLM authentication.

Medium

Logon Session

A user session took place

Created when a user session took place on a monitored computer.

Medium

A user session was ended by the screensaver turning on

Created when a user session is ended because the screensaver turned on.

Medium

A user session was ended by user locking the computer

Created when a user session is ended because the user locked up the computer.

Medium

A user session was ended by user logging off

Created when a user session is ended because the user logged off.

Medium

A user session was ended by user stopping a terminal services connection

Created when a user session is ended because the user stopped a terminal services connection.

Medium

A user session was ended due to computer shutdown

Created when a user session is ended because a user has shut down or restarted the computer.

Medium

A user session was ended due to user switch

Created when a user session is ended because a different user has logged on.

Medium

A user session was started

Created when a user session is started on a monitored computer.

Medium

A user session was started before the start of the user session monitoring service

Created when a new user session is started before the user session monitoring service is started.

Medium

A user session was started by user exiting screensaver mode

Created when a new user session is started because the user exited the screensaver mode.

Medium

A user session was started by user making a terminal services connection

Created when a new user session is started because a user logged in through a terminal services connection.

Medium

A user session was started by user unlocking the computer

Created when a new user session is started because the user unlocked the computer.

Medium

A user session was started due to user switch

Created when a new user session is started because a different user has logged on.

Medium

An incorrectly finished user session was found

Created when an incorrectly finished user session is found when the user session monitoring service is started.

Medium

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択