No 4688: A new process has been created... Expand / Collapse
Author
Message
Posted 11/16/2016 6:22:23 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 11/16/2016 6:16:21 AM
Posts: 1, Visits: 1
Hi, I'm in the process of setting up a SIEM tool to monitor our Domain Controller Logs and I'm trying to make sure I can see that I can see when new processes have started:

[url=https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4688][/url]

Except this EventCode doesn't appear at all. It's a Windows 2012 R2 Server. It also doesn't appear on my Windows 7 desktop even when I start applications. Is there something I need to turn on to get it to start logging?
Post #7283
Posted 11/28/2016 4:57:30 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237, Visits: 0

You have to enable successful logging from the audit category below. Also, keep in mind that the event will only be generated on the log source that you are pulling logs from. If a process is generated on a workstation then the corresponding log will not be present on the Domain Controller.
Process Tracking
• Process Creation
Post #7285
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 8:13am