Event ID: 4656 Source: Microsoft-Windows-Security-Auditing

Description
A handle to an object was requested.

Subject:
Security ID: <domain>\<username>
Account Name: <username>
Account Domain: <domain>
Logon ID: 0x8aa04

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\eventvwr.msc
Handle ID: 0x0

Process Information:
Process ID: 0x15cc
Process Name: C:\Windows\System32\mmc.exe

Access Request Information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Accesses: READ_CONTROL
    SYNCHRONIZE
    WriteData (or AddFile)
    AppendData (or AddSubdirectory or CreatePipeInstance)
    WriteEA
    ReadAttributes
    WriteAttributes

Access Mask: 0x120196
Privileges Used for Access Check: -
Restricted SID Count: 0

Comments

From a support forum: This event is recorded if the failure audit was enabled for Handle Manipulation using auditpol. If you would like to get rid of these Audit failures 4656 then you need to run the following command on Vista:

auditpol /set /subcategory:"Handle Manipulation" /failure:disable

See open handle TD408940 for more information about auditing the handle manipulation events.
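
The Access Mask in the sample event above (0x120196) is the bitwise OR of the rights listed under Accesses. The following is an added example, not part of the original page: it decodes the mask with the standard Windows file access-right bit values and flags handle requests that ask for modifying rights on a watched path. The function names, the `MODIFYING` grouping and the watched prefix are assumptions made for illustration.

```python
import re

# File-object access-right bits (standard winnt.h values) and the names
# Windows prints in the "Accesses" field of the event.
FILE_RIGHTS = {
    0x000001: "ReadData (or ListDirectory)", 0x000002: "WriteData (or AddFile)",
    0x000004: "AppendData (or AddSubdirectory or CreatePipeInstance)",
    0x000008: "ReadEA", 0x000010: "WriteEA",
    0x000020: "Execute/Traverse", 0x000040: "DeleteChild",
    0x000080: "ReadAttributes", 0x000100: "WriteAttributes",
    0x010000: "DELETE", 0x020000: "READ_CONTROL",
    0x040000: "WRITE_DAC", 0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# Assumption for this example: rights that change content, metadata or ACLs.
MODIFYING = 0x2 | 0x4 | 0x10 | 0x100 | 0x10000 | 0x40000 | 0x80000

# Constructed sample: four fields copied from the event shown on this page.
SAMPLE_EVENT = """\
Object Type: File
Object Name: C:\\Windows\\System32\\eventvwr.msc
Process Name: C:\\Windows\\System32\\mmc.exe
Access Mask: 0x120196
"""

def field(event, name):
    """Return the value of a 'Name: value' line in the event text, or None."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", event, re.M)
    return m.group(1) if m else None

def decode_mask(mask):
    """Split a mask into named rights (low bit first) and leftover unknown bits."""
    named = [n for bit, n in sorted(FILE_RIGHTS.items()) if mask & bit]
    return named, mask & ~sum(FILE_RIGHTS)

def triage(event, watched_prefix="C:\\Windows\\System32\\"):
    """Summarise a 4656 file event; None for non-file objects or a missing mask."""
    raw_mask = field(event, "Access Mask")
    if field(event, "Object Type") != "File" or raw_mask is None:
        return None
    mask = int(raw_mask, 16)
    path = field(event, "Object Name") or ""
    rights, unknown = decode_mask(mask)
    watched = path.lower().startswith(watched_prefix.lower())
    return {"object": path, "process": field(event, "Process Name"),
            "rights": rights, "unknown_bits": unknown,
            "write_to_watched": watched and bool(mask & MODIFYING)}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```

For the sample event the decoded rights match the Accesses list exactly, which is a quick consistency check when only the mask is forwarded to a log collector.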
