deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 21:33:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into metasecurity4

Browse Source
This commit is contained in:
Liz Long
2022-10-25 15:59:09 -04:00
committed by GitHub
parent b490bf1697 5413f02a16
commit 6aa0188b8f
11 changed files with 76 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
windows/security/threat-protection/auditing/event-4774.md
View File

@ -8,16 +8,13 @@ ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/07/2021
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.technology: windows-sec
---
# 4774(S, F): An account was mapped for logon.
Success events do not appear to occur. Failure event [has been reported](http://forum.ultimatewindowssecurity.com/Topic7313-282-1.aspx).
# 4774(S, F): An account was mapped for logon
***Subcategory:*** [Audit Credential Validation](audit-credential-validation.md)
@ -25,11 +22,11 @@ Success events do not appear to occur. Failure event [has been reported](http://
*An account was mapped for logon.*
*Authentication Package:Schannel*
*Authentication Package:* `<Authentication package>`
*Account UPN:*<*Acccount*>@<*Domain*>
*Account UPN:* `<Acccount>@<Domain>`
*Mapped Name:*<*Account*>
*Mapped Name:* `<Account>`
***Required Server Roles:*** no information.
@ -39,5 +36,4 @@ Success events do not appear to occur. Failure event [has been reported](http://
## Security Monitoring Recommendations
- There is no recommendation for this event in this document.
- There is no recommendation for this event in this document.

60
windows/security/threat-protection/auditing/event-5632.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.technology: windows-sec
@ -35,36 +35,36 @@ It typically generates when network adapter connects to new wireless network.
```
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5632</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>12551</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2015-11-10T23:10:34.052054800Z" />
<EventRecordID>44113845</EventRecordID>
<Correlation />
<Execution ProcessID="712" ThreadID="4176" />
<Channel>Security</Channel>
<Computer>XXXXXXX.redmond.corp.microsoft.com</Computer>
<Security />
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5632</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>12551</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2015-11-10T23:10:34.052054800Z" />
<EventRecordID>44113845</EventRecordID>
<Correlation />
<Execution ProcessID="712" ThreadID="4176" />
<Channel>Security</Channel>
<Computer>XXXXXXX.redmond.corp.microsoft.com</Computer>
<Security />
</System>
- <EventData>
<Data Name="SSID">Nokia</Data>
<Data Name="Identity">host/XXXXXXXX.redmond.corp.microsoft.com</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="PeerMac">18:64:72:F3:33:91</Data>
<Data Name="LocalMac">02:1A:C5:14:59:C9</Data>
<Data Name="IntfGuid">{2BB33827-6BB6-48DB-8DE6-DB9E0B9F9C9B}</Data>
<Data Name="ReasonCode">0x0</Data>
<Data Name="ReasonText">The operation was successful.</Data>
<Data Name="ErrorCode">0x0</Data>
<Data Name="EAPReasonCode">0x0</Data>
<Data Name="EapRootCauseString" />
<Data Name="EAPErrorCode">0x0</Data>
<Data Name="SSID">Nokia</Data>
<Data Name="Identity">host/XXXXXXXX.redmond.corp.microsoft.com</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="PeerMac">18:64:72:F3:33:91</Data>
<Data Name="LocalMac">02:1A:C5:14:59:C9</Data>
<Data Name="IntfGuid">{2BB33827-6BB6-48DB-8DE6-DB9E0B9F9C9B}</Data>
<Data Name="ReasonCode">0x0</Data>
<Data Name="ReasonText">The operation was successful.</Data>
<Data Name="ErrorCode">0x0</Data>
<Data Name="EAPReasonCode">0x0</Data>
<Data Name="EapRootCauseString" />
<Data Name="EAPErrorCode">0x0</Data>
</EventData>
</Event>
```
@ -127,7 +127,7 @@ You can see interfaces GUID using the following commands:
- **Error Code** \[Type = HexInt32\]**:** there's no information about this field in this document.
- **EAP Reason Code** \[Type = HexInt32\]**:** there's no information about this field in this document. See additional information here: <https://technet.microsoft.com/library/dd197570(v=ws.10).aspx>.
- **EAP Reason Code** \[Type = HexInt32\]**:** there's no information about this field in this document. See [EAP Related Error and Information Constants](/windows/win32/eaphost/eap-related-error-and-information-constants) for additional information.
- **EAP Root Cause String** \[Type = UnicodeString\]**:** there's no information about this field in this document.