#authentication-events

1 article

Windows Events1

Windows Security Event Viewer displaying authentication events on a SOC monitoring dashboard

Event 4648

Microsoft-Windows-Security-Auditing

Windows EventInformation

Windows Event ID 4648 – Microsoft-Windows-Security-Auditing: Logon Attempted Using Explicit Credentials

Event ID 4648 fires when a user or process attempts authentication using explicit credentials different from their current logon session, commonly seen with RunAs, network authentication, or service account operations.

March 1812 min