One Day Sec

Which event logs are generated during Kerberos pre-authentication brute-forcing, and how can they be detected?

Successful password verification generates event log '4768 - A Kerberos authentication ticket (TGT) was requested', while failed attempts generate '4771 - Kerberos pre-authentication failed'. Unlike LDAP brute-forcing, no '4625' log is produced. Analysts should monitor for multiple 4771 events in a short timeframe as an indicator of brute-force activity. The article discusses detection methods in detail.
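The monitoring rule described above (many 4771 events from one source in a short timeframe), as an added example that is not taken from the article. The tuple layout, the 60-second window, the threshold of 5 and all addresses and account names are assumptions or constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed tuning value, adjust to your environment
THRESHOLD = 5                    # assumed tuning value

T0 = datetime(2024, 1, 1, 9, 0, 0)
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
# Constructed sample events: (timestamp, event_id, client_address, account)
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=2 * i), 4771, "10.0.0.50", u) for i, u in enumerate(USERS)]
    + [
        (T0 + timedelta(seconds=12), 4768, "10.0.0.50", "frank"),
        (T0 + timedelta(seconds=5), 4771, "10.0.0.7", "alice"),   # one mistyped password
        (T0 + timedelta(seconds=20), 4768, "10.0.0.7", "alice"),
        (T0 + timedelta(hours=1), 4771, "10.0.0.7", "alice"),
    ]
)


def detect_bruteforce(events, window=WINDOW, threshold=THRESHOLD):
    """Alert on sources with >= threshold 4771 events inside a sliding window.

    Each alert also lists accounts that received a 4768 (TGT issued) from the
    same source after the alert fired, which suggests a guessed password.
    """
    recent = defaultdict(deque)   # source -> (timestamp, account) of recent 4771s
    alerts = {}                   # source -> alert record
    for ts, event_id, src, account in sorted(events):
        if event_id == 4771:
            q = recent[src]
            q.append((ts, account))
            while ts - q[0][0] > window:      # drop failures older than the window
                q.popleft()
            if src in alerts:
                alerts[src]["failures"] += 1
                alerts[src]["accounts"].add(account)
            elif len(q) >= threshold:
                alerts[src] = {"source": src, "first_alert": ts, "failures": len(q),
                               "accounts": {a for _, a in q}, "tgt_after": []}
        elif event_id == 4768 and src in alerts:
            alerts[src]["tgt_after"].append(account)
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

Many distinct accounts in one alert point to password spraying, while a single account points to guessing against one user.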
