Hackers have determined a number of ways to harvest privileged account credentials and use them to infiltrate networks. This makes monitoring privileged account usage critical to reducing your organization’s cyber risk.
The good news is that Windows provides event ID 4672, which is logged whenever an account signs in with admin user rights.
Event ID 4672 contains valuable information, such as user name, computer name and privileges, and logon session ID. Administrative users will always have one or more of the rights that trigger event 4672.
In this on-demand webinar, Windows Security Expert, Randy Franklin Smith, provides free technical training on detecting compromised accounts and demonstrates how to sift through event 4672 details.
Watch now to learn how to use Windows Security Log to monitor privileged access and threat hunt for suspicious logon sessions.