Event ID: 608
Source: Security

Description
User Right Assigned:
User Right: SeBackupPrivilege
SeSystemtimePrivilege
SeRemoteShutdownPrivilege
SeRestorePrivilege
SeShutdownPrivilege
Assigned To: %{S-1-5-32-549}
Assigned By:
User Name: THALES$
Domain: <domain name>
Logon ID: (0x0,0x3E7)
Comments
 
As per Microsoft: "This event record indicates that a specific right was assigned to the identified user. Certain rights have security implications. Assigning such rights to a user who is not trusted can be a security risk". See MSW2KDB and ME314294 for information about this event.
An audit of a user right(s) assignment. These events also occur when a server is promoted to Domain Controller (in a new Active Directory tree) - the event indicates the rights that are assigned to newly created domain accounts and groups.
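
The following triage sketch is an added example, not code from this page or from Microsoft. It parses an event 608 description like the one above, resolves the well-known assignee SID, and grades the assignment; the `HIGH_IMPACT` set and the severity labels are assumptions to adapt to local policy.

```python
import re

# Constructed sample: the event 608 description text shown on this page.
SAMPLE_608 = """User Right Assigned:
User Right: SeBackupPrivilege
SeSystemtimePrivilege
SeRemoteShutdownPrivilege
SeRestorePrivilege
SeShutdownPrivilege
Assigned To: %{S-1-5-32-549}
Assigned By:
User Name: THALES$
Domain: <domain name>
Logon ID: (0x0,0x3E7)"""

# Assumption: which rights count as high-impact is a local policy choice.
HIGH_IMPACT = {"SeBackupPrivilege", "SeRestorePrivilege", "SeDebugPrivilege",
               "SeTcbPrivilege", "SeTakeOwnershipPrivilege"}
# Well-known built-in group SIDs (fixed values on Windows).
WELL_KNOWN = {"S-1-5-32-544": "BUILTIN\\Administrators",
              "S-1-5-32-549": "BUILTIN\\Server Operators",
              "S-1-5-32-551": "BUILTIN\\Backup Operators"}

def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1).strip() if m else ""

def triage_608(text):
    """Parse an event 608 description and grade it for review."""
    rights = re.findall(r"\bSe[A-Za-z]+(?:Privilege|Right)\b", text)
    assignee = _field(r"Assigned To:\s*(.+)", text).strip("%{}")
    assigner = _field(r"User Name:\s*(.+)", text)
    logon_low = _field(r"Logon ID:\s*\(0x[0-9A-Fa-f]+,(0x[0-9A-Fa-f]+)\)", text)
    high = sorted(HIGH_IMPACT.intersection(rights))
    # Logon ID 0x3E7 is the Local System session; machine account names end in "$".
    by_system = logon_low != "" and int(logon_low, 16) == 0x3E7 and assigner.endswith("$")
    if not high:
        severity = "info"
    elif by_system:
        # Applied by the OS itself, as at DC promotion: match it to a known change.
        severity = "review"
    else:
        severity = "high"
    return {"rights": rights, "high_impact": high, "assigned_to": assignee,
            "assignee_name": WELL_KNOWN.get(assignee, "unresolved"),
            "assigned_by": assigner, "by_system": by_system, "severity": severity}

if __name__ == "__main__":
    print(triage_608(SAMPLE_608))
```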
