Blason_R
Advisor

What query Check Point wmic uses to get the username from event IDs 4624/4625


Hi Guys,

Wondering if anyone knows what query Check Point uses to query the AD server over WMI to get the logged-on usernames and then map them to the log fields?

 


Accepted Solutions
PhoneBoy
Admin
If you're talking about ADQuery, we actually register to specific event types from the security logs and have them sent to the gateway.
More details: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

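The following added example is not from the thread and is not Check Point's ADQuery code; it shows how a consumer of forwarded 4624/4625 Security events could turn them into an IP-to-user map. The sample events, the filtering rules (skipping machine accounts and local or missing addresses) and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(event_id, user, domain, ip):
    # Constructed sample in the Windows event XML layout (trimmed to the fields used).
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="TargetDomainName">{domain}</Data>'
        f'<Data Name="IpAddress">{ip}</Data>'
        "</EventData></Event>"
    )

SAMPLE_EVENTS = [  # constructed, not captured from a real domain controller
    _event(4624, "alice", "CORP", "10.1.2.30"),
    _event(4624, "WKS-07$", "CORP", "10.1.2.30"),   # machine account
    _event(4625, "bob", "CORP", "10.1.2.44"),       # failed logon
    _event(4624, "svc_backup", "CORP", "-"),        # no network address
    _event(4624, "carol", "CORP", "10.1.2.30"),     # later logon, same host
]

def parse(xml_text):
    """Return (event id, {field name: value}) for one event record."""
    root = ET.fromstring(xml_text)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return int(root.findtext("e:System/e:EventID", namespaces=NS)), data

def build_identity_map(events):
    """Return (ip -> DOMAIN\\user, (user, ip) -> failed-logon count)."""
    ip_to_user, failures = {}, {}
    for xml_text in events:
        event_id, d = parse(xml_text)
        user, ip = d.get("TargetUserName", ""), d.get("IpAddress", "")
        if not user or ip in ("", "-", "::1", "127.0.0.1"):
            continue                      # nothing to associate with a host
        if event_id == 4624 and not user.endswith("$"):
            ip_to_user[ip] = f'{d.get("TargetDomainName", "")}\\{user}'  # latest logon wins
        elif event_id == 4625:
            failures[(user, ip)] = failures.get((user, ip), 0) + 1      # counted, never mapped
    return ip_to_user, failures

if __name__ == "__main__":
    print(build_identity_map(SAMPLE_EVENTS))
```
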
2 Replies
Blason_R
Advisor

Thanks for the update.
