Windows Active Directory log

The Windows Active Directory log contains events collected by the UserID agent from AD servers. It records successful logon events (event ID 4624), Kerberos events (event IDs 4768, 4769, 4770) and group membership events (event ID 4627). Each log entry contains the following information:

| Name | Description |
|---|---|
| Node | UserGate node where the event occurred. |
| Time | The time of the event. |
| Endpoint event log record details | The link to the event. |
| Device/sensor | UserID connector. |
| Log level | The "Keywords" field from the AD log. |
| Data | Event details from the AD log. |
| Log event source | The "Source" field from the AD log. |
| Log category | Incident category code (12554 Group Membership, 12544 Logon, 14337 Kerberos Service Ticket Operations, etc.). |
| Incident category | The "Task type" field from the AD log. |
| Computer name | Windows node where the event took place. |
| User | The "User" field from the AD log. |
| Log event code | The "Event code" field from the AD log (EventCode). |
| Log event ID | The "Event ID" field from the AD log (EventID). |
| Log event type | Windows log event type (System/Security/Application, etc.). |
| Log file | Windows log file. |