Hello All,
Greetings!!!
In our environment we monitor windows events 4624 and 4625 on AD for other workstations as all workstations can not integrated in a SIEM.
However, in event 4624 and 4625, we are not getting any type 10 or type 2 logon type that could tell us the interactive logon has been triggered on the workstation. I have tested it by using my credentials, however we got type 3 even though it was interactive logon.
This information is critical for us to detect some malicious activity.
Is there any way to get this information from AD? Is there any policy that needs to be pushed?
Please guide.Thanks in advance.
Regards,
Ameer Mane
Greetings!!!
In our environment we monitor windows events 4624 and 4625 on AD for other workstations as all workstations can not integrated in a SIEM.
However, in event 4624 and 4625, we are not getting any type 10 or type 2 logon type that could tell us the interactive logon has been triggered on the workstation. I have tested it by using my credentials, however we got type 3 even though it was interactive logon.
This information is critical for us to detect some malicious activity.
Is there any way to get this information from AD? Is there any policy that needs to be pushed?
Please guide.Thanks in advance.
Regards,
Ameer Mane