Event ID 5632 – A Request Was Made To Authenticate To A Wireless Network.
|Sub-Category||Other Logon/Logoff Events|
|Type||Success Audit; Failure Audit|
|Description||A request was made to authenticate to a wireless network|
When a network adapter connects to a new wireless network and an 802.1x authentication attempt is made for that wireless network, event 5632 is generated.
This log data provides the following information:
- Security ID
- Account Name
- Account Domain
- Logon ID
- Interface GUID
- Local MAC Address
- Peer MAC Address
- Reason Code
- Error Code
- EAP Reason Code
- EAP Root Cause String
- EAP Error Code
Why does event ID 5632 need to be monitored?
- To monitor the devices which are connecting to a network
- To monitor actions of high value accounts
- To detect anomalies and malicious actions
- To ensure non-active, external, and restricted accounts are not used
- To ensure that only white-listed accounts perform certain specific actions
- To enforce conventions and compliances
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks network connections, helping you meet your security, operational, and compliance needs with absolute ease..
Event 5632 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10