Event ID 5058 - Key file operation.
|Description||This event is generated when an operation (read, write, delete, and so on) was performed on a file that contains a KSP key by using a Key Storage Provider (KSP). This event is generated only if one of the following KSPs were used:
|Subcategory||Other system events|
The event logs the following information:
|Key file operation information||
Reasons to monitor event:
- Typically this event is required for detailed monitoring of KSP-related actions with cryptographic keys.
- If you need to monitor actions related to specific cryptographic keys (“Key Name”) or a specific “Operation”, such as “Delete key file”, you can create monitoring rules and use this event as an information source.
Event 5058 applies to the following operating systems:
- Windows Server 2008 R2 and 7
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools