endpoint-authentication

April 24, 2024 · View on GitHub

Description

A part of an identification process to an endpoint that is not the login

Parameters

ParameterValue
Subjectendpoint
Activityauthentication
Activity Typeendpoint-authentication
Pretty NameEndpoint Authentication

Legacy Names

SuccessFail
authentication-successful
kerberos-logon
nac-logon
authentication-failed
kerberos-logon
nac-failed-logon

Fields

The possible fields for this activity type will vary depending on whether the activity was a success or a fail.

endpoint-authentication:success

FieldCoreDetectionInformational
tgs_service_name
auth_type
domain
domain_user_name
user

endpoint-authentication:fail

FieldCoreDetectionInformational
auth_type
failure_code
domain
domain_user_name
failure_reason
logon_type
user