Security events
Security events are generated when a security policy is violated or any authentication/authorization related event occurs. Types of security events include:
- A successful logon (example details provided: the account used to log on, type of logon, and where a remote logon request originated)
- A logon failure (example details provided: account name, reason for the failure, the type of logon that was requested, and where a remote logon request originated)
- An attempt to log on using explicit credential (example details provided: the credentials used, information about why this type of event is generated, and other details about the event)
- An account is logged off (example details provided: account name and information about logon IDs and sessions)
Depending on the type of event, additional information about the event may appear in event details popup. This information can be helpful when troubleshooting critical and warning types of events.
In the following example, the security event details indicate a failed logon attempt. The message section also includes information such as the account name, the reason for the failure, and the local system that requested the logon.