Security

SidType WMI Security Event log

dadamsci
Engager

Hi All!

Could you tell me what SidType field means in WMI Security Event log?

eg.

01/17/2013 08:15:07 PM
LogName=Application
SourceName=Microsoft-Windows-User Profile Service
EventCode=1532
EventType=4
Type=Information
ComputerName=xxxxx
User=SYSTEM
Sid=S-1-5-18
SidType=5
TaskCategory=None
OpCode=Info
RecordNumber=3523
Keywords=None
Message=The User Profile Service has stopped.

Thank you

brgds,
Adam

1 Solution

dadamsci
Engager

Oh great, thank you! 🙂

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...