This event record indicates that a change has been made to the Security Account Manager (SAM) database. This database contains information for all user and group accounts. Make sure, only the person with administrative rights for the domain should be able to perform such tasks.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.