The Windows Active Directory log contains events collected by the UserID agent from AD servers. It includes successful logon events (event ID 4624), Kerberos events (event IDs 4768, 4769, 4770), and group membership events (event ID 4627). The log contains the following information:

| Name | Description |
|---|---|
| Node | UserGate node where the event occurred. |
| Time | The time of the event. |
| Endpoint event log record details | The link to the event. |
| Device/sensor | UserID connector. |
| Log level | The "Keywords" field from the AD log. |
| Data | Event details from the AD log. |
| Log event source | The "Source" field from the AD log. |
| Log category | Incident category code (12554 Group Membership, 12544 Logon, 14337 Kerberos Service Ticket Operations, etc.). |
| Incident category | The "Task type" field from the AD log. |
| Computer name | Windows node where the event took place. |
| User | The "User" field from the AD log. |
| Log event code | The "Event code" field from the AD log (EventCode). |
| Log event ID | The "Event ID" field from the AD log (EventID). |
| Log event type | Windows log event type (System, Security, Application, etc.). |
| Log file | Windows log file. |