Elastic Windows Event Explorer


Publisher - LsaSrv

Event ID 300

Message:

Groups assigned to a new logon.

New Logon:
	Security ID:		%{TargetUserSid}
	Account Name:		%{TargetUserName}
	Account Domain:		%{TargetDomainName}
	Logon ID:		%{TargetLogonId}
	Logon GUID:		%{TargetLogonGuid}

Event in sequence:		%{EventOrginal} of %{EventCountTotal}

Group Membership:		%{SidList}

Event Data:

# Name In Type
Out Type
1 TargetUserSid win:SID xs:string
2 TargetUserName win:UnicodeString xs:string
3 TargetDomainName win:UnicodeString xs:string
4 TargetLogonId win:HexInt64 win:HexInt64
5 TargetLogonGuid win:GUID xs:GUID
6 EventOrginal win:UInt32 xs:unsignedInt
7 EventCountTotal win:UInt32 xs:unsignedInt
8 SidList win:UnicodeString xs:string

Observed Windows Versions:

Version: 0

Fingerprint: RKQXVSG7P7MNC