Fields related to a logon attempt.
xdm.logon.type
Description |
A numeric value that indicates the type of logon session. See https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-logonsession. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.LOGON_TYPE_INTERACTIVE, XDM_CONST.LOGON_TYPE_NETWORK, XDM_CONST.LOGON_TYPE_BATCH, XDM_CONST.LOGON_TYPE_SERVICE, XDM_CONST.LOGON_TYPE_PROXY |
xdm.logon.assigned_rights
Description |
A list of assigned user rights. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment. |
Datatype |
|
Dataclass |
Array |
Examples |
XDM_CONST.LOGON_ASSIGNED_RIGHT_SE_TRUSTED_CRED_MAN_ACCESS_PRIVILEGE, XDM_CONST.LOGON_ASSIGNED_RIGHT_SE_NETWORK_LOGON_RIGHT, XDM_CONST.LOGON_ASSIGNED_RIGHT_SE_TCB_PRIVILEGE, XDM_CONST.LOGON_ASSIGNED_RIGHT_SE_MACHINE_ACCOUNT_PRIVILEGE, XDM_CONST.LOGON_ASSIGNED_RIGHT_SE_INCREASE_QUOTA_PRIVILEGE |
xdm.logon.logon_guid
Description |
The GUID of the logon request. |
Datatype |
String |
Dataclass |
Scalar |
xdm.logon.is_elevated
Description |
Whether the logon is elevated and has administrator privileges. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.logon.is_virtual_account
Description |
Whether the logon account is a virtual account. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.logon.is_restricted_admin_mode
Description |
Only populated for RemoteInteractive logon type sessions. Indicates whether the credentials provided were passed using Restricted Admin mode. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.logon.impersonation_level
Description |
Impersonation is the ability of a thread to execute in a security context that is different from the context of the process that owns the thread. When running in the client's security context, the server 'is' the client, to some degree. See https://docs.microsoft.com/en-us/windows/win32/com/impersonation-levels |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.LOGON_IMPERSONATION_LEVEL_ANONYMOUS, XDM_CONST.LOGON_IMPERSONATION_LEVEL_IDENTIFICATION, XDM_CONST.LOGON_IMPERSONATION_LEVEL_IMPERSONATION, XDM_CONST.LOGON_IMPERSONATION_LEVEL_DELEGATION |
xdm.logon.package_name
Description |
The authentication package used. |
Datatype |
String |
Dataclass |
Scalar |
xdm.logon.fingerprint
Description |
The authentication fingerprint. |
Datatype |
String |
Dataclass |
Scalar |