I am using Snare to get Wintel logs and I don't find any issues except with event ID 4662.
I am getting the server's GUID instead of the distinguished name in the logs. It is tough to identify the host name.
Can anyone tell me why I am getting this?
I have moved this thread to the RSA NetWitness Platform so that you can get an answer to your question.
It is a Windows feature to show the GUID instead of the hostname. The benefit is that the same GUID is shown even if the host has been renamed.
The GUID of the server looks fixed.
The hostname may vary if renamed.
A Windows admin may get the details of the hostname using the GUID.
Thanks for your reply.
My query is not regarding the host name; I am getting the GUID instead of the DN.
For the particular event, in Event Viewer I am able to see the distinguished name of the host, but when it comes to the Decoder it shows the GUID.
Is there anything that needs to be done from my end to get the logs properly?
Can you share what you see in Event Viewer and the same log event from the NetWitness Investigation page?
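Added example, not part of the thread: one way an administrator can map the GUID from a forwarded 4662 event back to a distinguished name, as the earlier reply suggests. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, that the Object Name field arrives in the `%{guid}` form, and uses a constructed sample GUID; `Resolve-ObjectNameGuid` is a hypothetical helper name.

```powershell
# Added example. Requires the ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

function Resolve-ObjectNameGuid {
    param(
        [Parameter(Mandatory)]
        [string]$ObjectName   # Object Name value taken from the forwarded 4662 event
    )

    # Assumed forwarded form: %{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
    $pattern = '^%?\{?([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}?$'
    if ($ObjectName -notmatch $pattern) {
        # Not a GUID (for example, already a DN): return it unchanged.
        return [pscustomobject]@{ Input = $ObjectName; DistinguishedName = $ObjectName; Resolved = $false }
    }

    $guid = $Matches[1]
    try {
        # -Identity accepts an objectGUID; the GUID stays the same if the host is renamed.
        $obj = Get-ADObject -Identity $guid -Properties dNSHostName -ErrorAction Stop
        [pscustomobject]@{
            Input             = $ObjectName
            DistinguishedName = $obj.DistinguishedName
            ObjectClass       = $obj.ObjectClass
            DnsHostName       = $obj.dNSHostName   # populated for computer objects
            Resolved          = $true
        }
    }
    catch {
        # Object not found in this domain, or the lookup failed: keep the GUID visible.
        [pscustomobject]@{ Input = $ObjectName; DistinguishedName = $null; Resolved = $false; Error = $_.Exception.Message }
    }
}

# Constructed sample value, not taken from a real event.
Resolve-ObjectNameGuid -ObjectName '%{11111111-2222-3333-4444-555555555555}'
```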