December 2022
Intermediate to advanced
532 pages
13h 54m
English
There is a significant number of Windows Event Log types available to IT and security professionals. This Appendix includes the most critical events that pertain to security and incident investigations and have been provided as a reference.
|
Event ID |
Event type |
Primary use |
Event log |
|
21 |
Remote desktop services: session logon succeeded. |
Event correlation, lateral movement, scoping |
TerminalServices-LocalSession Manager/Operational |
|
25 |
Remote desktop services: session reconnection succeeded. |
Event correlation, lateral movement, scoping |
TerminalServices-LocalSession Manager/Operational |
|
102 |
This event is logged when the terminal services gateway service requires a valid Secure Sockets Layer (SSL) |