The Windows Active Directory log contains events collected by the UserID agent from AD servers. It includes successful logon events (event ID 4624), Kerberos events (event IDs 4768, 4769, 4770) and group membership events (event ID 4627). The log contains the following information:
Name | Description |
---|---|
Node | UserGate node where the event occurred. |
Time | The time of the event. |
Endpoint event log record details | The link to the event. |
Device/sensor | UserID connector. |
Log level | The "Keywords" field from the AD log. |
Data | Event details from the AD log. |
Log event source | The "Source" field from the AD log. |
Log category | Incident category code (12554 Group Membership, 12544 Logon, 14337 Kerberos Service Ticket Operations, etc.). |
Incident category | The "Task type" field from the AD log. |
Computer name | Windows node where the event took place. |
User | The "User" field from the AD log. |
Log event code | The "Event code" field from the AD log (EventCode). |
Log event ID | The "Event ID" field from the AD log (EventID). |
Log event type | Windows log event type (System/Security/Application, etc.). |
Log file | Windows log file. |