5066 A cryptographic function operation was attempted
Written when an operation on a cryptographic function is attempted. It is one of a family of events capturing CNG configuration operations.
Overview
The subcategory is Audit Other Policy Change Events. It is generated when an operation on a CNG cryptographic function is attempted. It is a crypto-configuration audit event alongside the context ones 5064/5065.
How it is triggered
- Referencing or operating on a cryptographic function.
Security review points
- It is a configuration-operation event with low individual security value. Confirm unexpected operations together with other crypto-configuration events (5063 to 5070).
Notes for log review
- Monitor crypto-configuration events as a group and note unfamiliar operations.
Key fields
| Field | Meaning |
|---|---|
Operation | The operation type |
Subject / Process Name | The origin |