EventPeeker
Scan your Security and Sysmon logs·Detection guides
Event ID 5145Audit SuccessSecurity

Windows Event ID 5145Network Share Object Access Checked

Logged when access is checked on a file or folder within a network share — more granular than 5140 (share level) but very high volume.

Why It Matters

Provides file-level visibility into what an account accessed within a share. Useful for data theft investigations but generates extreme log volume — typically only enable for specific sensitive shares.

Key Fields

Share NameThe parent share
Relative Target NameThe specific file or folder accessed within the share
Account NameWho accessed it

Investigation Tips

  1. 1.Only enable on shares containing sensitive data — enabling everywhere generates millions of events per day.
  2. 2.Use for post-incident forensics to reconstruct exactly which files an attacker accessed.

Related Event IDs

5140Share-level access event

See Event ID 5145 in your logs

Upload a Windows Event Log (.evtx) file — EventPeeker automatically detects network share object access checked patterns, maps findings to MITRE ATT&CK, and generates an AI triage report.

Analyze EVTX Logs Free →
← All detection guides·Analyze EVTX Logs Free →