Type: Success Audit
Process ID: 0x99c
Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
Previous Time: 2013-04-22T18:52:57.909316700Z
New Time: 2013-04-22T18:51:49.908000000Z
This event is generated when the system time is changed. It is normal for the Windows Time Service which runs with System privilege to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Usually normal activity, especially when related to virtual machine activity where the host machine and VM need to synchronize time. On non-VM machines, and where there is no scripting etc. to update the time, this could be considered a behavioral sign of tampering.
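One way to triage these events along the lines described above, added here as an example (not EventID.Net or Microsoft code): it parses the fields shown in the sample event and marks a time change for review when the process is outside an allowlist or the shift is large. The allowlist contents, the 5-minute threshold and the second sample event are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumptions for this example: allowlist contents and the 5-minute threshold.
EXPECTED_PROCESSES = {
    r"c:\windows\system32\svchost.exe",  # hosts the Windows Time Service
    r"c:\program files\vmware\vmware tools\vmtoolsd.exe",  # VM/host sync, as in the page's sample
}
MAX_EXPECTED_SHIFT = timedelta(minutes=5)
FIELD_RE = re.compile(r"^\s*(Process ID|Name|Previous Time|New Time):\s*(.+?)\s*$", re.M)
TS_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z$")

def parse_ts(text):
    """Parse the event's UTC timestamp; it has 9 fractional digits, datetime keeps 6."""
    m = TS_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    frac = (m.group(2) or "").ljust(6, "0")[:6]  # truncate to microseconds
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=int(frac), tzinfo=timezone.utc)

def triage(event_text):
    """Return (verdict, reasons, shift) for one time-change event message."""
    fields = dict(FIELD_RE.findall(event_text))
    missing = {"Name", "Previous Time", "New Time"} - fields.keys()
    if missing:
        return "review", [f"missing fields: {sorted(missing)}"], None
    shift = parse_ts(fields["New Time"]) - parse_ts(fields["Previous Time"])
    reasons = []
    if fields["Name"].lower() not in EXPECTED_PROCESSES:
        reasons.append(f"unexpected process: {fields['Name']}")
    if abs(shift) > MAX_EXPECTED_SHIFT:
        reasons.append(f"large shift: {shift.total_seconds():+.0f}s")
    return ("review" if reasons else "expected"), reasons, shift

# PAGE_EVENT is the sample shown on the page; CONSTRUCTED_EVENT is made up for this example.
PAGE_EVENT = r"""Process ID: 0x99c
Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
Previous Time: 2013-04-22T18:52:57.909316700Z
New Time: 2013-04-22T18:51:49.908000000Z"""
CONSTRUCTED_EVENT = r"""Process ID: 0x1a4
Name: C:\Windows\System32\cmd.exe
Previous Time: 2013-04-22T18:52:57.000000000Z
New Time: 2013-04-20T09:00:00.000000000Z"""

if __name__ == "__main__":
    for event in (PAGE_EVENT, CONSTRUCTED_EVENT):
        print(triage(event))
```

In practice the allowlist would be built from the time sources and management tooling actually deployed on the monitored hosts.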