03/29/2021 01:44:33 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4769
EventType=0
Type=Information
ComputerName=win-dc-156.attackrange.local
TaskCategory=Kerberos Service Ticket Operations
OpCode=Info
RecordNumber=229743
Keywords=Audit Success
Message=A Kerberos service ticket was requested.

Account Information:
	Account Name:		WIN-DC-156$@ATTACKRANGE.LOCAL
	Account Domain:		ATTACKRANGE.LOCAL
	Logon GUID:		{B5AD9F01-280E-04FE-579D-2CB674573AB3}

Service Information:
	Service Name:		WIN-DC-156$
	Service ID:		ATTACKRANGE\WIN-DC-156$

Network Information:
	Client Address:		::1
	Client Port:		0

Additional Information:
	Ticket Options:		0x40810000
	Ticket Encryption Type:	0x17
	Failure Code:		0x0
	Transited Services:	-

This event is generated every time access is requested to a resource such as a computer or a Windows service.  The service name indicates the resource to which access was requested.

This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.  The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.

Ticket options, encryption types, and failure codes are defined in RFC 4120.