Blason_R
Leader

What query Check Point WMIC uses to get the username from event IDs 4624/4625

Hi Guys,

Wondering if anyone knows what query Check Point uses to query the AD server over WMI to get the logged-on usernames and then map them to log fields?

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

Accepted Solutions
PhoneBoy
Admin
If you're talking about ADQuery, we actually register to specific event types from the security logs and have them sent to the gateway.
More details: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

2 Replies
Blason_R
Leader

Thanks for the update.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS