Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Type: Success Audit|
A process was assigned a primary token.
Process ID: <id>
Image File Name: <file name>
User Name: <user name>
Domain: <domain name>
Logon ID: (0x0,0x1CBC6A)
|English: Request a translation of the event description in plain English.|
As per Microsoft: "A program requested and generated a security token. This usually indicates that the program is running in a specific security context. After the program generates the security token, it accesses resources in the security context of that token". See MSW2KDB for additional information about this event.
|Private comment: Subscribers only. See example of private comment|
|Links: ME274176, Online Analysis of Security Event Log, MSW2KDB|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated