Windows Account Usage
User account information can be collected and audited. Tracking local account usage can help detect Pass the Hash activity and other unauthorized account usage. Additional information such as remote desktop logins, users added to privileged groups, and account lockouts can also be tracked. User accounts being promoted to privileged groups should be audited very closely to ensure that users are in fact supposed to be in a privileged group. Unauthorized membership in privileged groups is a strong indicator that malicious activity has occurred. Lockout events for domain accounts are generated on the domain controller whereas lockout events for local accounts are generated on the local computer.
Related Solution
AIS Managed SIEM
Explore our Solutions
AIS delivers a wide range of technology solutions, managed services, and consulting services that allow businesses to compete in today’s market. Whether deploying AIS solutions or other best-of-breed tools, the experienced, reliable AIS team delivers projects on time while streamlining IT services.

AIS Labs
AIS offers a variety of technology solutions leveraging enterprise open-source software, developed and maintained by AIS engineers. These include AIS Managed Firewall, NMS, SIEM, and VoIP.
Last modified
September 14, 2021