Details of the event with ID 5127 of the source Microsoft-Windows-Security-Auditing

Author Uwe GradeneggerPosted on Categories Events, Security, Certification AuthorityTags
Event Source:Microsoft Windows Security Auditing
Event ID:5127 (0x1407)
Event log:Security
Event type:Information
Event text (English):The OCSP Revocation Provider successfully updated the revocation information. CA Configuration ID: %1 Base CRL Number: %2 Base CRL This Update: %3 Base CRL Hash: %4 Delta CRL Number: %5 Delta CRL Indicator: %6 Delta CRL This Update: %7 Delta CRL Hash: %8
Event text (German):The OCSP response service has successfully updated the revocation information. Certification authority configuration ID: %1 Base revocation list number: %2 Base revocation list, this update: %3 Base revocation list hash: %4 Delta revocation list number: %5 Delta revocation list display: %6 Delta revocation list, this update: %7 Delta revocation list hash: %8

Parameter

The parameters contained in the event text are filled with the following fields:

  • %1: CAConfigurationId (win:UnicodeString)
  • %2: BaseCRLNumber (win:UnicodeString)
  • %3: BaseCRLThisUpdate (win:UnicodeString)
  • %4: BaseCRLHash (win:UnicodeString)
  • %5: DeltaCRLNumber (win:UnicodeString)
  • %6: DeltaCRLIndicator (win:UnicodeString)
  • %7: DeltaCRLThisUpdate (win:UnicodeString)
  • %8: DeltaCRLHash (win:UnicodeString)

In contrast to operational events, which are often understood under the term "monitoring", auditing for the certification authority is the configuration of logging of security-relevant events.

Example events

The OCSP Revocation Provider successfully updated the revocation information.
CA Configuration ID: ADCS Labor Issuing CA 1 (Key 0)
Base CRL Number: 64
Base CRL This Update: 15.09.2020 08:51 02.000s
Base CRL Hash: 41 af 8e 19 01 88 e9 02 a4 1e ae d0 bd 8f 4a 05 37 8b b6 7a
Delta CRL Number:
Delta CRL Indicator:
Delta CRL This Update:
Delta CRL Hash:

Description

No description has been written for this yet.

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

No description has been written for this yet.

Related links:

One thought on “Details zum Ereignis mit ID 5127 der Quelle Microsoft-Windows-Security-Auditing”

  1. Pingback: Details about the event with ID 21 of the source Microsoft-Windows-Kerberos-Key-Distribution-Center - Uwe Gradenegger

Comments are closed.

en_USEnglish
de_DEDeutsch en_USEnglish