You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
event 4624
About this tag
Event 4624 is a Windows security audit event that records successful logon attempts. In Active Directory environments, monitoring event 4624 helps detect interactive logons (type 2 or type 10) versus network logons (type 3). However, as discussed in a forum thread, event 4624 logged on domain controllers may not always reflect the correct logon type for workstations, showing type 3 even for interactive logons. This discrepancy can hinder detection of malicious activity. The thread explores whether Group Policy settings can enforce accurate logon type reporting for event 4624 across all workstations, highlighting challenges in SIEM integration and security monitoring.
Hello All,
Greetings!!!
In our environment we monitor windows events 4624 and 4625 on AD for other workstations as all workstations can not integrated in a SIEM.
However, in event 4624 and 4625, we are not getting any type 10 or type 2 logon type that could tell us the interactive logon has...
activity
credentials
detection
eventevent4624event 4625
guidance
interactive
logon
malicious software
monitoring
policy
security
siem
type 10
type 2
type 3
windows ad
workstation