AnsweredAssumed Answered

rn, cid tags and there importance

Question asked by Tiago Carodo on Apr 30, 2018
Latest reply on May 2, 2018 by Leonard Chvilicek

Hello,

 

I have a questions about the logs:

 

What is the meaning of  the tag's "rn" and "cid" and its importance for first-line analysis?

%NICWIN-4-Security_4673_Microsoft-Windows-Security-Auditing: Security,rn=554470018 cid=704 eid=696,Sun Apr 29 11:26:07 2018,4673,Microsoft-Windows-Security-Auditing,,Audit Failure,host.domain.com,Sensitive Privilege Use,,A privileged service was called. Subject: Security ID: S-1-5-20 Account Name: host Account Domain: domain Logon ID: 0x3E4 Service: Server: NT Local Security Authority / Authentication Service Service Name: LsaRegisterLogonProcess() Process: Process ID: 0x2b8 Process Name: C:\Windows\System32\lsass.exe Service Request Information: Privileges: X

Outcomes