none
I'd like to look for privilege escalation and actions using privileges from the Windows event log RRS feed

  • Question

  • Although same as the title, I'd like to look for privilege escalation and actions using privileges from the Windows event log.
    I think event codes 4672 and 4674 are related, but I am not confident.

    So the question is two.

    ① I am thinking as follows, is this correct?

    · 4672 is granting privilege
    · 4674 is actions using privilege

    ② If the above recognition is correct, how should I check content in the log of event code 4674?
    I can't understand content in the log of event code 4674...

    I hope someone can tell me.

    Thursday, February 22, 2018 6:04 AM

Answers

All replies