Wednesday, January 15, 2020

Event ID 4770 - A Kerberos service ticket was renewed

Event ID 4770 - A Kerberos service ticket was renewed
Log Sample:

{
 "EventTime": "2017/11/17 04:04:12"
 "Hostname": "MPWXDC.changme.local"
 "Keywords": -9214364837600034816
 "EventType": "AUDIT_SUCCESS"
 "SeverityValue": 2
 "Severity": "INFO"
 "EventID": 4770
 "SourceName": "Microsoft-Windows-Security-Auditing"
 "ProviderGuid": "{54849625-5478-4994-A5BA-3E3B0328C30D}"
 "Version": 0
 "Task": 14337
 "OpcodeValue": 0
 "RecordNumber": 614360248
 "ProcessID": 824
 "ThreadID": 23856
 "Channel": "Security"
 "Message": "A Kerberos service ticket was renewed."
 "Category": "Kerberos Service Ticket Operations"
 "Opcode": "Info"
 "TargetUserName": "ALABAMA$@changme.LOCAL"
 "TargetDomainName": "changme.LOCAL"
 "ServiceName": "krbtgt"
 "ServiceSid": "S-1-5-21-343361891-1219768270-4058147650-502"
 "TicketOptions": "0x2"
 "TicketEncryptionType": "0x12"
 "IpAddress": "::ffff:10.1.0.45"
 "IpPort": "59685"
 "EventReceivedTime": "2017/11/17 04:04:12"
 "SourceModuleName": "wineventlog_in"
 "SourceModuleType": "im_msvistalog"

}

General Description

  • This event generates for every Ticket Granting Service (TGS) ticket renewal.
  • This event generates only on domain controllers.
  • This event typically has informational only purpose.
The launchpad to a career in IT. This program is designed to take beginner learners to job readiness in about eight months.
at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)