A part of an identification process to an endpoint that is not the login
| Parameter | Value |
|---|---|
| Subject | endpoint |
| Activity | authentication |
| Activity Type | endpoint-authentication |
| Pretty Name | Endpoint Authentication |
| Success | Fail |
|---|---|
| authentication-successful kerberos-logon nac-logon |
authentication-failed kerberos-logon nac-failed-logon |
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
| Field | Core | Detection | Informational |
|---|---|---|---|
| tgs_service_name | ✓ | ||
| auth_type | ✓ | ||
| domain | ✓ | ||
| domain_user_name | |||
| user | ✓ | ✓ |
| Field | Core | Detection | Informational |
|---|---|---|---|
| auth_type | ✓ | ||
| failure_code | ✓ | ||
| domain | ✓ | ||
| domain_user_name | |||
| failure_reason | ✓ | ||
| logon_type | ✓ | ||
| user | ✓ | ✓ |