Guest Ming_065 Posted April 11, 2023 Posted April 11, 2023 'threat-protection' According to the discription of Event_id 4768 and 4769,It's normal when the service name field equals to 'krbtgt\xxxx' in Event_id 4768, because TGS will recognize the ‘krbtgt’ to response ST.But what does it mean when the service name field equals to 'krbtgt' in Event_id 4769? Is it normal or anomaly? Is it normal when 'krbtgt' account being accessed? In my opinion, the service name field in 4769 will mean the service that client account_name is requesting for, like host$, smb, cifs, etc.Log like this:04/11/2023 01:18:33 PM LogName=Security SourceName=Microsoft Windows se Continue reading... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.