Event Id 4743, To achieve complete visibility of

Audit Computer Account Management determines whether the operating system generates audit events when a computer account is created, changed, or deleted.

Logon ID allows you to correlate backwards to the logon event

Updated Date: 2026-04-15
ID: 97a8dc5f-8a7c-4fed-9e3e-ec407fd0268a
Author: Michael Haag, Splunk
Type: TTP
Product: Splunk Enterprise Security
Description
The following analytic identifies a

Windows event ID 6405 - BranchCache: %2 instance(s) of event id %1 occurred
Windows event ID 6406 - %1 registered to Windows Firewall to control filtering

Here is a list of the most common / useful Windows Event IDs of Active Directory and other useful event IDs of Windows servers.

Account Domain: The domain or - in the case of local accounts - computer name.

Each event source can define its own

Under the category Account Management events, What does Event ID 4743 (A computer account was deleted) mean?

Event ID 4743 fires whenever a computer account object is modified in Active Directory.

A computer account was deleted.

This security audit event captures changes to computer accounts, including modifications to

Keeps track of who deleted a computer account when.

This security audit event tracks machine account removal for compliance and security monitoring purposes.

This event is triggered when a user or a process attempts to

Nice to have Windows events used by Splunk UBA
The following Windows event types enhance the fidelity of your detections by providing additional evidence and clarity.

In this article, we will take a look at important Windows Event IDs, what we normally see in logs and how different Event IDs can be used to reconstruct the lateral movement of malware.

Therefore, a script designed to identify specific Windows Security

Audit Security Group Management determines whether the operating system generates audit events when specific security group management tasks are performed.