What query Check Point wmic uses to get the username from event IDs 4624/4625

Hi Guys,

Wondering if anyone knows what query Check Point uses to query the AD server over WMI to get the logged-on usernames and then map them with log fields?

Accepted Solutions

Re: What query Check Point wmic uses to get the username from event IDs 4624/4625

If you're talking about ADQuery, we actually register to specific event types from the security logs and have them sent to the gateway.
More details: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Re: What query Check Point wmic uses to get the username from event IDs 4624/4625

Thanks for the update.