From e0a2435af96be4e6cebd4b89a1f8ac1c1739466c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:41:08 -0700 Subject: [PATCH] Corrected font weight of table headings Table headings are bold by default, and the font weight is heavier without formatting for bold (**). --- windows/security/threat-protection/auditing/event-4768.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 81482d1771..340264fa1e 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -312,7 +312,7 @@ The most common values: For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. -| **Type of monitoring required** | **Recommendation** | +| Type of monitoring required | Recommendation | |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------| | **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“User ID”** that corresponds to the high-value account or accounts. | | **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours. | When you monitor for anomalies or malicious actions, use the **“User ID”** (with other information) to monitor how or when a particular account is being used. | @@ -331,7 +331,7 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. - Also consider monitoring the fields shown in the following table, to discover the issues listed: -| **Field** | **Issue to discover** | +| Field | Issue to discover | |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Certificate Issuer Name** | Certification authority name is not from your PKI. | | **Certificate Issuer Name** | Certification authority name is not authorized to issue smart card authentication certificates. |