NETLOGON
5 events across 1 channel
Event ID 5774 —
Fields
| Name | Description |
|---|---|
| Data_0 | — |
| Data_1 | — |
| Data_2 | — |
| Data_3 | — |
| Data_4 | — |
| Binary | — |
Example Event
```yaml
system:
  provider: NETLOGON
  guid: ''
  event_source_name: ''
  event_id: 5774
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T16:59:59.111784+00:00'
  event_record_id: 1287
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: System
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data_0: ForestDnsZones.sigma.fr. 600 IN A 10.0.2.133
  Data_1: '%%9017'
  Data_2: '::'
  Data_3: '5'
  Data_4: '9017'
  Binary: '0500'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 5782 —
Fields
| Name | Description |
|---|---|
| Data_0 | — |
| Binary | — |
Example Event
```yaml
system:
  provider: NETLOGON
  guid: ''
  event_source_name: ''
  event_id: 5782
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T16:53:49.187430+00:00'
  event_record_id: 1246
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: System
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data_0: '%%9852'
  Binary: 7C260000
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 5783 —
Fields
| Name | Description |
|---|---|
| Data | — |
| Binary | — |
Example Event
```yaml
system:
  provider: NETLOGON
  guid: ''
  event_source_name: ''
  event_id: 5783
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2012-04-06T18:07:03.000000Z'
  event_record_id: 13508
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: System
  computer: WKS-WIN764BITB.shieldbase.local
  security:
    user_id: ''
event_data:
  Data:
    - \\Controller.shieldbase.local
    - SHIELDBASE
    - WKS-WIN764BITB
  Binary: ''
```
Event ID 5805 —
Fields
| Name | Description |
|---|---|
| Data | — |
| Binary | — |
Example Event
```yaml
system:
  provider: NETLOGON
  guid: ''
  event_source_name: ''
  event_id: 5805
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2020-09-15T19:28:49.359773+00:00'
  event_record_id: 63221
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: System
  computer: 01566s-win16-ir.threebeesco.com
  security:
    user_id: ''
event_data:
  Data:
    - 01566S-WIN16-IR
    - '%%5'
  Binary: IgAAwA==
message: ''
```
References
- Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx
Event ID 5823 —
Fields
| Name | Description |
|---|---|
| Data_0 | — |
| Binary | — |
Example Event
```yaml
system:
  provider: NETLOGON
  guid: ''
  event_source_name: ''
  event_id: 5823
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:15:01.574704+00:00'
  event_record_id: 730
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: System
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data_0: ''
  Binary: ''
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline