Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
라이브 도움말 보기
등록 완료
로그인
가격 산정 요청
영업 담당자에게 문의
제품 번들을 선택했습니다. 귀하의 요청에 더 적합한 서비스를 제공해 드릴 수 있도록 개별 제품을 선택해 주십시오. *
지금은 채팅에 회신할 수 있는 기술 지원 엔지니어가 없습니다. 즉각적인 서비스를 받으려면 당사의 서비스 요청 양식을 사용하여 요청을 제출하십시오.
다음 문서의 설명에 따라 문제를 해결할 수 있습니다.
Change Auditor audits activities in the Azure Active Directory that correspond to the events in the Sign-ins report in the Azure Active Directory portal.
Failed Azure Active Directory sign-in
Created when a user fails to sign-in to an application. The event details show the user whose attempt failed, their location, and the application they attempted to access.
Medium
Successful Azure Active Directory sign-in
Created when a user successfully signs-in to an application. The event details show the user whose attempt failed, their location, and the application they attempted to access.
Low
Azure Active Directory - sign-in event
Generic sign-in event with a dynamically constructed event description (What statement). The event is created when sign-in activity is detected that does not have a corresponding event defined in Change Auditor.
Change Auditor audits activities in the Azure Active Directory that correspond to the events in the Risky sign-ins report in the Azure Active Directory portal.
Active risk event detected
Created when a new risk event is detected with an active state.
High
Active risk event status changed to closed
Created when an active risk event is closed as a result of being marked as:
This event helps you to understand why a risk event has been manually closed.
Closed risk event status changed to active
Created when a closed risk event is reactivated.
Closed risk event detected
Created when a new risk event is detected with a closed state. This can happen if the risk event has been marked as resolved, a false positive, set to ignore, closed (remediated), closed (login blocked), closed (automatic multi-factor authentication), or closed (multiple reasons) before it has been detected by Change Auditor for the first time.
A Kerberos service ticket was created with an unsafe encryption type
This event is created when a Kerberos service ticket was created for a service with weak encryption type: not AES.
Kerberos user ticket that exceeds the maximum ticket lifetime detected
A Kerberos user ticket can be used to verify your identity and gain access to specific resources or services in your domain. A golden ticket is a forged Kerberos ticket.
An attack using a golden ticket is extremely dangerous due to the forged identity, elevated access it allows, and because it can be reused over its lifetime (10 years by default).
This event is created when the Kerberos Ticket Lifetime value in agent configuration is exceeded indicating a possible golden ticket attack.
User authenticated through Kerberos
Created when a user successfully authenticated to a domain controller using Kerberos authentication. (Disabled by default)
User failed to authenticate through Kerberos
Created when a user failed to authenticate to a domain controller using Kerberos authentication.
User authenticated through NTLM
Created when a user successfully authenticated to a domain controller using NTLM authentication. (Disabled by default)
User failed to authenticate through NTLM
Created when a user failed to authenticate to a domain controller using NTLM authentication.
A user session took place
Created when a user session took place on a monitored computer.
A user session was ended by the screensaver turning on
Created when a user session is ended because the screensaver turned on.
A user session was ended by user locking the computer
Created when a user session is ended because the user locked up the computer.
A user session was ended by user logging off
Created when a user session is ended because the user logged off.
A user session was ended by user stopping a terminal services connection
Created when a user session is ended because the user stopped a terminal services connection.
A user session was ended due to computer shutdown
Created when a user session is ended because a user has shut down or restarted the computer.
A user session was ended due to user switch
Created when a user session is ended because a different user has logged on.
A user session was started
Created when a user session is started on a monitored computer.
A user session was started before the start of the user session monitoring service
Created when a new user session is started before the user session monitoring service is started.
A user session was started by user exiting screensaver mode
Created when a new user session is started because the user exited the screensaver mode.
A user session was started by user making a terminal services connection
Created when a new user session is started because a user logged in through a terminal services connection.
A user session was started by user unlocking the computer
Created when a new user session is started because the user unlocked the computer.
A user session was started due to user switch
Created when a new user session is started because a different user has logged on.
An incorrectly finished user session was found
Created when an incorrectly finished user session is found when the user session monitoring service is started.
계열사 지원 사이트에서 Quest *제품*에 대한 온라인 지원 도움말을 볼 수 있습니다. 올바른 *제품* 지원 콘텐츠 및 지원에 연결하려면 계속을 클릭하십시오.
The document was helpful.
평가 결과 선택
I easily found the information I needed.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center
Quest Software 포털은 더 이상 IE 8, 9, 10을 지원하지 않습니다. 브라우저를 최신 버전의 Internet Explorer나 Chrome으로 업그레이드하는 것이 좋습니다.
IE 11로 업그레이드 여기를 클릭
Chrome으로 업그레이드 여기를 클릭
IE 8, 9 또는 10을 계속 사용할 경우 당사가 제공하는 뛰어난 셀프서비스 기능 모두를 최대한으로 활용하실 수 없습니다.