Event Name - UserLogon

Description

Platforms: Linux, Windows, macOS

This event is generated when a user logs on to a host.

Platforms: ChromeOS

Fields: Linux, Windows, macOS

| Field | Description |
| --- | --- |
| ContextTimeStamp | System time of event creation. |
| UserName | |
| LogonTime | |
| LogonType | Values: INTERACTIVE (2), NETWORK (3), BATCH (4), SERVICE (5), PROXY (6), UNLOCK (7), NETWORK_CLEARTEXT (8), NEW_CREDENTIALS (9), REMOTE_INTERACTIVE (10), CACHED_INTERACTIVE (11), CACHED_REMOTE_INTERACTIVE (12), CACHED_UNLOCK (13) |
| UID | Unix User Identifier. |
| UserIsAdmin | Set to TRUE if this user is a local admin. |
| PasswordLastSet | |
| RemoteAddressIP4 | |
| RemoteAddressIP6 | |
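The following is an added example, not part of the original documentation or the vendor's code: it decodes LogonType using the values listed above and flags logons worth a closer look. The JSON-lines record layout, the string value formats, the internal address ranges and the review rules are assumptions, and the sample events are constructed.

```python
import ipaddress
import json

# LogonType codes as listed in the field table above.
LOGON_TYPES = {
    2: "INTERACTIVE", 3: "NETWORK", 4: "BATCH", 5: "SERVICE", 6: "PROXY", 7: "UNLOCK",
    8: "NETWORK_CLEARTEXT", 9: "NEW_CREDENTIALS", 10: "REMOTE_INTERACTIVE",
    11: "CACHED_INTERACTIVE", 12: "CACHED_REMOTE_INTERACTIVE", 13: "CACHED_UNLOCK"}
REMOTE_SESSION = {"REMOTE_INTERACTIVE", "CACHED_REMOTE_INTERACTIVE"}
# Assumption: what counts as "internal" here; adjust to your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]
# Constructed sample records; the JSON-lines encoding and value formats are assumed.
SAMPLE_EVENTS = """\
{"UserName": "svc-backup", "LogonType": "8", "UserIsAdmin": "FALSE", "RemoteAddressIP4": "10.0.4.17"}
{"UserName": "bob", "LogonType": "10", "UserIsAdmin": "TRUE", "RemoteAddressIP4": "203.0.113.45"}
{"UserName": "carol", "LogonType": "10", "UserIsAdmin": "TRUE", "RemoteAddressIP6": "fd00::12"}
{"UserName": "dave", "LogonType": "42", "UserIsAdmin": "FALSE"}
"""

def from_outside(event):
    """True if a remote address is present and falls outside INTERNAL_NETS."""
    for key in ("RemoteAddressIP4", "RemoteAddressIP6"):
        try:
            addr = ipaddress.ip_address(event.get(key) or "")
        except ValueError:
            continue  # field absent or malformed: no verdict from this field
        if not any(addr in net for net in INTERNAL_NETS):
            return True
    return False

def triage(event):
    """Decode LogonType and return (type name, reasons to review this logon)."""
    code = str(event.get("LogonType", ""))
    name = LOGON_TYPES.get(int(code), "UNKNOWN") if code.isdecimal() else "UNKNOWN"
    reasons = []
    if name == "UNKNOWN":
        reasons.append("unrecognized LogonType")
    if name == "NETWORK_CLEARTEXT":
        reasons.append("cleartext network logon")
    if name in REMOTE_SESSION and from_outside(event):
        reasons.append("remote session from non-internal address")
        if str(event.get("UserIsAdmin", "")).upper() == "TRUE":
            reasons.append("account is a local admin")
    return name, reasons

def review(lines):
    """Return (UserName, type name, reasons) for each event needing review."""
    rows = [(e.get("UserName"), *triage(e)) for e in map(json.loads, lines.splitlines())]
    return [r for r in rows if r[2]]
```

Calling `review(SAMPLE_EVENTS)` returns the three constructed events that need review; the remote session from an internal IPv6 address is not flagged.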
