Event ID: 4768 Source: Microsoft-Windows-Security-Auditing

Level
Description
A Kerberos authentication ticket (TGT) was requested.
Account Information:
Account Name: S-1-5-21-3575639598-1280693111-1939800713-1034
Supplied Realm Name: DOMAIN.LAN
User ID: NULL SID

Service Information:
Service Name: krbtgt/Domain.LAN
Service ID: NULL SID

Network Information:
Client Address: ::ffff:192.168.1.21
Client Port: 59685

Additional Information:
Ticket Options: 0x40810010
Result Code: 0x6
Ticket Encryption Type: 0xffffffff
Pre-Authentication Type: -

Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
Comments
 
UWS4768 provides a list with the meaning of the various fields listed in this event and the Kerberos codes.
EV100531 (4768: A Kerberos authentication ticket (TGT) was requested) provides a detailed description of this event along with a list of various result codes and their meaning. For example, the result code 0x6 mentioned in the event description above stands for "Client not found in Kerberos database", meaning a bad user name, or a new computer/user account that has not replicated to the DC yet.
See EV100530 (Kerberos Security Audit Log Events Driving You Crazy?) for suggestions on how to troubleshoot this problem.
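
The following Python is an added example, not part of the original page or of any eventid.net tooling. It parses the message text of event 4768, decodes the result code, and lists client addresses that presented several distinct account names rejected with 0x6. The function names, the threshold of 3, and the sample events (account names and the second address) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Subset of the RFC 4120 error codes that appear as "Result Code" in 4768.
RESULT_CODES = {
    0x0: "KDC_ERR_NONE: no error, TGT issued",
    0x6: "KDC_ERR_C_PRINCIPAL_UNKNOWN: client not found in Kerberos database",
    0x12: "KDC_ERR_CLIENT_REVOKED: client's credentials have been revoked",
    0x17: "KDC_ERR_KEY_EXPIRED: password has expired",
    0x18: "KDC_ERR_PREAUTH_FAILED: pre-authentication information was invalid",
}
FIELD_RE = re.compile(r"^[ \t]*([A-Za-z][A-Za-z -]*?):[ \t]*(.*)$", re.M)

def parse_4768(message):
    """Return the 'Name: value' lines of a 4768 message as a dict."""
    return {key: value.strip() for key, value in FIELD_RE.findall(message)}

def describe_result(fields):
    code = int(fields.get("Result Code", "0x0"), 16)
    return code, RESULT_CODES.get(code, "not in this subset, see RFC 4120")

def normalize_address(addr):
    """Drop the IPv4-mapped IPv6 prefix, e.g. ::ffff:192.168.1.21."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def unknown_names_by_client(messages, threshold=3):
    """Client address -> account names rejected with 0x6, for clients that
    presented at least `threshold` distinct unknown names."""
    seen = defaultdict(set)
    for message in messages:
        fields = parse_4768(message)
        if describe_result(fields)[0] == 0x6:
            client = normalize_address(fields.get("Client Address", "unknown"))
            seen[client].add(fields.get("Account Name", "unknown"))
    return {c: sorted(n) for c, n in seen.items() if len(n) >= threshold}

# Constructed sample events; only the field layout follows the event above.
TEMPLATE = """A Kerberos authentication ticket (TGT) was requested.
Account Information:
    Account Name: {0}
Network Information:
    Client Address: {1}
Additional Information:
    Result Code: {2}
"""
A, B = "::ffff:192.168.1.21", "::ffff:192.168.1.30"
ROWS = [("alice", A, "0x6"), ("bob", A, "0x6"), ("carol", A, "0x6"),
        ("frank", A, "0x18"), ("dave", B, "0x6"), ("erin", B, "0x0")]
SAMPLES = [TEMPLATE.format(*row) for row in ROWS]
```

A single 0x6 from a client is consistent with the typo or replication cases described above; the grouping only surfaces clients that repeat it across different names.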
