Skip to main content
Skip table of contents

EVID 4716 : Domain Trust Events (Part 2) (Security)

Event Details

Event TypeAudit Authentication Policy Change
Event Description4716 : Trusted domain information was modified.
Event ID4716

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Log FieldLogRhythm DefaultLogRhythm Default v2.0
ProviderN/AN/A
EventID<vmid><vmid>
VersionN/AN/A
LevelN/A<severity>
TaskN/A<vendorinfo>
OpcodeN/AN/A
Keywords<tag1><result>
TimeCreatedN/AN/A
EventRecordIDN/AN/A
CorrelationN/AN/A
ExecutionN/AN/A
ChannelN/AN/A
Computer<dname><dname>
SubjectUserSidN/AN/A
SubjectUserName<login>, <tag2><login>
SubjectDomainName<domain><domainorigin>
SubjectLogonId<session><session>
DomainName<tag3>N/A
DomainSidN/AN/A
TdoType<tag4>N/A
TdoDirection<tag5>N/A
TdoAttributesN/AN/A
SidFilteringEnabledN/AN/A

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Regex IDRule NameRule TypeCommon EventClassification
1000630EVID 4706, 4707, 4716 : Domain Trust EventsBase RuleDomain Trust InformationInformation
EVID 4706 : Domain Trust CreatedSub RuleTrust Relationship EstablishedAccess Granted
EVID 4707 : Domain Trust RemovedSub RuleTrust Relationship RevokedAccess Revoked
EVID 4716 : Domain Trust Info ModifiedSub RuleConfiguration Modified : SecurityConfiguration

LogRhythm Default v2.0

Regex IDRule NameRule TypeCommon EventClassification
1011104V 2.0 : General Policy Change EventsBase RulePolicy Modified : SystemPolicy
V 2.0 : EVID 4713 : Kerberos Policy ModifiedSub RulePolicy Modified : SystemPolicy
V 2.0 : EVID 4715 : SACL On Object ModifiedSub RulePolicy Modified : ObjectPolicy
V 2.0 : EVID 4716 : Domain Trust ModifiedSub RulePolicy Modified : DomainPolicy
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.