Episode 27: Roberto Rodriguez

Detection: Challenging Paradigms

The Importance of Client Side Triage in Kerberos Attacks

Roberto: A lot of these Kerberos-based things, but like I really in order to identify like 4768. So the events for um a TGT or a TGS for 487 c9 doesn't tell me much. Is there a way to actually tie that to whatever the client was, and in this case that would be between two remote hosts and two in on those two different processes? He says detection should focus on the server side; triage should help fill in the blanks to go to the client side to help define those malicious and non-malicious.

Play episode from 28:28