Highlighted
chris.lee@excer1 Absent Member.
Absent Member.
248 views

in what condition, we can use attacker username and source username for windows event. i notice this few are keep empty.

Hi,

 

actually in what condition, we can use the field for attacker username and source username for windows event. because i aware that, that field are always empty.

Labels (2)
0 Likes
1 Reply
Jurgen
Visitor.

Re: in what condition, we can use attacker username and source username for windows event. i notice this few are keep empty.

As far as i remember, i almost never use attacker of source, it's always target username.

Maybe in a situation where a user uses: RUN AS to run a application in administrator mode they can be filled but i'm not sure.

Kind regards,

Jurgen

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.