Detection rules › Sigma
Locked Workstation
Detects locked workstation session events that occur automatically after a standard period of inactivity.
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| Security-Auditing | 4800 | The workstation was locked. |
Detection rules › Sigma
Detects locked workstation session events that occur automatically after a standard period of inactivity.
| Provider | Event ID | Title |
|---|---|---|
| Security-Auditing | 4800 | The workstation was locked. |
selection