1104(S) The security log is now full. | Microsoft Learn
Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy | by Will Schroeder | Posts By SpecterOps Team Members
4725(S) A user account was disabled. | Microsoft Learn
A Little Guide to SMB Enumeration - Hacking Articles
Active Directory Enumeration detected by Microsoft Security solutions | by Derk van der Woude | Medium
Lenovo Patch: An Error (1332) Occurred While Enumerating the Group Membership. The Member SID Could Not Be Resolved - Lenovo Support US
First Steps After Compromise: Enumerating Active Directory - risk3sixty
4798(S) A user's local group membership was enumerated. | Microsoft Learn
BloodHound Inner Workings & Limitations – Part 1: User Rights Enumeration Through SAMR & GPOLocalGroup – Compass Security Blog
Active Directory Group Management Best Practices
How do I disable the AppLogs agent?
SIEM - Security information and event management — Zercurity 1.6.0 (41f38f0) documentation
Windows Event Log Analysis - Incident Response Guide
EventList – the Baseline Event Analyzer | miriamxyra
Secure workstations by monitoring and alerting on membership changes in the local Administrators group, Part 2 - ManageEngine Blog
Active Directory Domain Enumeration Part-1 With Powerview - NoRed0x
4798(S) A user's local group membership was enumerated. | Microsoft Learn
Windows admin 101 – Adding a local administrator account from the command line – PwnDefend
Get Local Group Members Revisited • The Lonely Administrator
Solved Event Properties - Event 4798, Microsoft Windows | Chegg.com
Threat Advisory: Telegram Crypto Botnet STRT-TA01 | Splunk
4732(S) A member was added to a security-enabled local group. | Microsoft Learn
Active Directory Domain Enumeration Part-1 With Powerview - NoRed0x
Using Windows Event Log IDs for Threat Hunting - FourCore
PowerView: Active Directory Enumeration - Red Team Notes
Get Local Group Members Revisited • The Lonely Administrator
Incident Response: Windows Account Management Event (Part 1) - Hacking Articles
Get Local Group Members with PowerShell • The Lonely Administrator
Event ID 4688: What Is It & How to Enable It - Windows Report
