event 4624

About this tag
Event 4624 is a Windows security audit event that records successful logon attempts. In Active Directory environments, monitoring event 4624 helps detect interactive logons (type 2 or type 10) versus network logons (type 3). However, as discussed in a forum thread, event 4624 logged on domain controllers may not always reflect the correct logon type for workstations, showing type 3 even for interactive logons. This discrepancy can hinder detection of malicious activity. The thread explores whether Group Policy settings can enforce accurate logon type reporting for event 4624 across all workstations, highlighting challenges in SIEM integration and security monitoring.
  1. A

    Interactive LogOn type in windows AD events

    Hello All, Greetings!!! In our environment we monitor windows events 4624 and 4625 on AD for other workstations as all workstations can not integrated in a SIEM. However, in event 4624 and 4625, we are not getting any type 10 or type 2 logon type that could tell us the interactive logon has...
Back
Top