Windows Security Event IDs used in daily SOC monitoring
TOP Windows Event IDs for SOC Analysts

These Security-log event IDs are commonly used in real-world detection engineering. Each one is listed with what it records and the attacker behaviour it helps surface.
ID    Event recorded                                          Detection use
4672  Special privileges assigned to a new logon (admin rights)  Privilege escalation; flag for accounts not expected to hold them
4648  Logon attempted using explicit credentials (runas-style)   Pass-the-Hash / Pass-the-Ticket tooling and credential reuse
4768  Kerberos TGT (authentication ticket) requested              AS-REP roasting (pre-auth disabled, RC4 type 0x17); unusual TGT sources
4769  Kerberos service ticket (TGS) requested                     Kerberoasting (RC4 0x17 tickets for many SPNs); lateral movement tracking
4776  NTLM credential validation by the domain controller         NTLM brute force (status 0xC000006A), legacy authentication use
4733  Member removed from a security-enabled local group          Insider or attacker cleanup of group membership
4756  Member added to a security-enabled universal group          High-value group modification (pair with 4728 global and 4732 local)
4781  Account name changed                                        Identity obfuscation (renaming accounts to dodge watch lists)

Caveat: none of these events appear unless the matching audit subcategory is enabled. 4768/4769 need Audit Kerberos Authentication Service and Audit Kerberos Service Ticket Operations on the domain controllers, 4776 needs Audit Credential Validation, 4672 needs Audit Special Logon, and the group-membership events need Audit Security Group Management.
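The rules below show how the IDs above turn into detection logic. This is an added example and not part of the original summary; the event records are constructed to mimic the EventData fields of the real events (field names such as TicketEncryptionType, PreAuthType and Status follow the Windows schema, the account and host names are made up), and the thresholds and the expected-admin list are assumptions a real deployment would tune.

```python
"""Toy detection rules for Windows Security events (constructed sample data)."""
from collections import Counter, defaultdict

# Constructed sample records shaped like the EventData of the real Security events.
# They are illustrative only, not captured from a real host.
SAMPLE_EVENTS = [
    # Kerberoasting pattern: one user requests RC4 (0x17) service tickets for many SPNs.
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "svc_web",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "svc_backup",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    # Normal AES (0x12) service-ticket request, should not fire.
    {"EventID": 4769, "TargetUserName": "asmith@CORP.LOCAL", "ServiceName": "cifs/fs01",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.7"},
    # AS-REP roasting pattern: TGT for an account with pre-auth disabled, RC4.
    {"EventID": 4768, "TargetUserName": "legacy_app", "PreAuthType": "0",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    {"EventID": 4768, "TargetUserName": "asmith", "PreAuthType": "2",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.7"},
    # NTLM brute force: repeated bad-password status for one account from one workstation.
    *[{"EventID": 4776, "TargetUserName": "administrator", "Workstation": "WS-ATTACK",
       "Status": "0xC000006A"} for _ in range(6)],
    {"EventID": 4776, "TargetUserName": "asmith", "Workstation": "WS-07", "Status": "0x0"},
    # High-value group change (4756 = member added to a universal security group).
    {"EventID": 4756, "MemberName": "CN=jdoe,OU=Users,DC=corp,DC=local",
     "TargetUserName": "Enterprise Admins", "SubjectUserName": "svc_helpdesk"},
    # Special privileges: expected for a known admin, suspicious for a regular user.
    {"EventID": 4672, "SubjectUserName": "DA_carol"},
    {"EventID": 4672, "SubjectUserName": "jdoe"},
]

# Assumed watch list of high-value groups; tune per environment.
WATCHED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}


def kerberoast_candidates(events, min_spns=3):
    """4769 with RC4 ticket encryption (0x17): requesters hitting many distinct SPNs."""
    spns = defaultdict(set)
    for e in events:
        if e["EventID"] == 4769 and e.get("TicketEncryptionType") == "0x17":
            spns[(e["TargetUserName"], e["IpAddress"])].add(e["ServiceName"])
    return {k: sorted(v) for k, v in spns.items() if len(v) >= min_spns}


def asrep_roast_candidates(events):
    """4768 with PreAuthType 0 (no pre-auth) and RC4: offline-crackable AS-REP tickets."""
    return sorted({e["TargetUserName"] for e in events
                   if e["EventID"] == 4768 and e.get("PreAuthType") == "0"
                   and e.get("TicketEncryptionType") == "0x17"})


def ntlm_bruteforce(events, threshold=5):
    """4776 with Status 0xC000006A (bad password) repeated for one account from one host."""
    fails = Counter((e["TargetUserName"], e["Workstation"]) for e in events
                    if e["EventID"] == 4776 and e.get("Status") == "0xC000006A")
    return {k: n for k, n in fails.items() if n >= threshold}


def high_value_group_changes(events, watched=WATCHED_GROUPS):
    """4728/4732/4756 (member added to global/local/universal group) on watched groups."""
    return [(e["EventID"], e["TargetUserName"], e["MemberName"], e["SubjectUserName"])
            for e in events
            if e["EventID"] in (4728, 4732, 4756) and e["TargetUserName"] in watched]


def unexpected_special_privileges(events, expected_admins):
    """4672 (special privileges assigned) for any account not on the expected-admin list."""
    return sorted({e["SubjectUserName"] for e in events
                   if e["EventID"] == 4672 and e["SubjectUserName"] not in expected_admins})


if __name__ == "__main__":
    print("Kerberoast:", kerberoast_candidates(SAMPLE_EVENTS))
    print("AS-REP roast:", asrep_roast_candidates(SAMPLE_EVENTS))
    print("NTLM brute force:", ntlm_bruteforce(SAMPLE_EVENTS))
    print("High-value group changes:", high_value_group_changes(SAMPLE_EVENTS))
    print("Unexpected 4672:", unexpected_special_privileges(SAMPLE_EVENTS, {"DA_carol"}))
```

Each rule keys on the field that distinguishes the attack from normal traffic (encryption type for roasting, failure status for brute force, group name for membership changes) rather than on the event ID alone; a 4769 by itself is normal Kerberos activity, and alerting on the bare ID is what produces noisy SOC queues.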