I'm currently collecting windows security events. And it's been good for seeing failures. But I cannot see 'what' workstation or server they attempted to log into.
Does anyone have any advice on how to capture this piece of information?