Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Type: Success Audit|
Encrypted Data Recovery Policy Changed: Changed By: User Name: ARHIMEDE$ Domain Name: ALTDOMAIN Logon ID:(0x0,0x3E7) Changes made:('--' means no changes, otherwise each change is shown as: <ParameterName>: <new value> (<old value>)) PolEfDat: <binary data> (none);
|English: Request a translation of the event description in plain English.|
This event record indicates that a change has been made to the Security Account Manager (SAM) database. This database contains information for all user and group accounts. Make sure, only the person with administrative rights for the domain should be able to perform such tasks.
|Private comment: Subscribers only. See example of private comment|
|Links: Online Analysis of Security Event Log|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated