Navigation section
auditing events
About this tag
Auditing events in Windows environments are critical for monitoring security and policy changes. Discussions on WindowsForum.com cover troubleshooting recurring auditing events in Windows Event Logs, such as those triggered by security software like SentinelOne scanning files every few minutes. Users seek methods to identify the root cause of these events, especially when integrating with SIEM tools like Alienvault. Another common issue involves local user accounts incorrectly generating domain account logon auditing events when viewing history in Task Scheduler, affecting Windows Vista, Server 2008, Windows 7, and Server 2008 R2. These topics highlight the importance of understanding and managing auditing events to maintain accurate security logs and reduce false positives.
-
T
I need some assistance finding out what is causing this Event Log Auditing event
I am using Alienvault to log our SIEM Events from our Windows 2019 servers, and I am trying to find out how to debug what is causing this recurring Auditing Event in our Windows Event Logs. I have found out that SentinelOne is scanning this file at the time, but is there a way to see what...- tpancrazio
- Thread
- alienvault audit policy change auditing events computer name debugging detection change event log event tracking log management recurring events security security audits sentinelone siem windows security windows server 2019
- Replies: 1
- Forum: Windows Server Forums
-
Local user accounts incorrectly trigger domain account logon auditing events when they view history
Fixes an issue in which domain account logon auditing events incorrectly occur when local user accounts refresh the history in Task Scheduler in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2 . Additionally, a domain... More...- News
- Thread
- auditing events domain login history refresh issue fix server 2008 task scheduler user account windows 7 windows vista
- Replies: 0
- Forum: Knowledge Base (KB)