Skip to main content
Skip table of contents

Account > User (Impacted)

The user or system account impacted by activity reported in the log.

Data Type

String

Aliases

UseAlias

Client Console Full Name

User (Impacted)

Client Console Short Name

Not applicable

Web Console Tab/Name

User (Impacted)

Elasticsearch Field Name

account

Rule Builder Column Name

Account

Regex Pattern

<account>

NetMon Name

Not applicable

Field Relationships

  • SIP
  • SIPv4
  • SIPv6
  • SIPv6E
  • Origin Hostname
  • Origin Hostname or IP
  • Origin NAT IP
  • DIP
  • DIPv4
  • DIPv6
  • DIPv6E
  • Impacted Hostname
  • Impacted Hostname or IP
  • Impacted NAT IP
  • Origin Port
  • Origin NAT Port
  • Impacted Port
  • Impacted NAT Port
  • Origin MAC Address
  • Impacted MAC Address
  • Origin Interface
  • Impacted Interface
  • Origin Domain
  • Impacted Domain
  • Origin Login
  • IANA Protocol Number
  • IANA Protocol Name

Common Applications

Any applications, systems or devices that utilize accounts.

Use Case

Correlating or monitoring user activity.

MPE/Data Masking Manipulations

Mapped to User Identity (Impacted)

Usage Standards

  • Use to indicate the user or account that is being altered or logged off a system by another user or system account.
  • Use for User Accounts and System Accounts.

Examples

  • Windows Event Log

<Event xmlns='http://Host2/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/><EventID>4738</EventID><Version>0</Version><Level>Information</Level><Task>User Account Management</Task><Opcode>Info</Opcode><Keywords>Audit Success</Keywords><TimeCreated SystemTime='2014-02-26T13:18:11.277015700Z'/><EventRecordID>1635656743</EventRecordID><Correlation/><Execution ProcessID='524' ThreadID='4900'/><Channel>Security</Channel><Computer> USABLDRRECFLOW01Computer><Security/></System><EventData>A user account was changed.

Subject:

       Security ID:        safaware\pete.store

       Account Name:       pete.store

       Account Domain:            safaware

       Logon ID:           0x7b1adb067

Target Account:

       Security ID:        S-1-5-21-2222222-2222222222-2222222222-90119

       Account Name:       LHR-Reception

       Account Domain:            safaware

Changed Attributes:

       SAM Account Name:   -

       Display Name:       -

       User Principal Name:       -

       Home Directory:            -

       Home Drive:         -

       Script Path:        -

       Profile Path:       -

       User Workstations:  -

       Password Last Set:  -

       Account Expires:           -

       Primary Group ID:   -

       AllowedToDelegateTo:       -

       Old UAC Value:             0x15

       New UAC Value:             0x211

       User Account Control:     

              'Password Not Required' - Disabled

              'Don't Expire Password' - Enabled

       User Parameters:    -

       SID History:        -

       Logon Hours:        -

Additional Information:

       Privileges:         -</EventData></Event>

Target in Windows indicates Impacted. In this log, the Target Account (Impacted) is being modified by Subject Account (Origin).

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close