Windows Event ID Logging Method

Nathan Bob

Hi,

When Windows logs event IDs, for example 4624, it records several values like IP, Hostname, UserID. In this regard, when it logs IPs and the respective hostnames, does it do any sort of DNS resolution or NS lookup to record the hostname or IP (or vice versa), or does it just directly take the hostnames or IPs from real-time interaction? Trying to see if there is any role of DNS or NS lookup when recording that information. If you could better explain the way the IP and hostname info is received by the DC or other computer in this event logging, it would be helpful to understand certain behavior.
