Bug #215
ntsyslog.rules does not detect domain login events
Start date:
Due date:
% Done: 0%
Resolution:
Description
The ruleset appears to detect only host-based login attempts rather than login attempts against a domain.
event id 675: (bad password)
security[failure] 675 NT AUTHORITY\SYSTEM Pre-authentication failed: User Name:mike User ID: %{x-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxx} Service Name:krbtgt/HQ Pre-Authentication Type:0x2 Failure Code:0x18 Client Address:10.120.120.152
more info: http://www.ultimatewindowssecurity.com/events/com298.html
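The following is an added example, not part of the original report or of the Prelude-LML ruleset: a Python sketch of the matching logic a rule for this event would need, run against the event 675 line quoted above. The group names, function names and the second sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Line copied from the report above (User ID placeholder kept as reported).
SAMPLE = (
    "security[failure] 675 NT AUTHORITY\\SYSTEM Pre-authentication failed: "
    "User Name:mike User ID: %{x-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxx} "
    "Service Name:krbtgt/HQ Pre-Authentication Type:0x2 Failure Code:0x18 "
    "Client Address:10.120.120.152"
)
# Constructed line in the same layout with another event id; must not match.
OTHER = SAMPLE.replace(" 675 ", " 672 ")

# Group names (user, service, ...) are this example's own labels.
EVENT_675 = re.compile(
    r"security\[failure\]\s+675\s+.*?Pre-authentication failed:\s*"
    r"User Name:\s*(?P<user>\S+)\s+"
    r"User ID:\s*(?P<user_id>\S+)\s+"
    r"Service Name:\s*(?P<service>\S+)\s+"
    r"Pre-Authentication Type:\s*(?P<preauth_type>0x[0-9A-Fa-f]+)\s+"
    r"Failure Code:\s*(?P<failure_code>0x[0-9A-Fa-f]+)\s+"
    r"Client Address:\s*(?P<client>\S+)"
)

# Only the code shown in the report is mapped; 0x18 is the Kerberos
# KDC_ERR_PREAUTH_FAILED error, which the report labels "bad password".
FAILURE_CODES = {0x18: "bad password"}


def parse_event_675(line):
    """Return the fields of a domain pre-authentication failure, or None."""
    match = EVENT_675.search(line)
    if match is None:
        return None
    fields = match.groupdict()
    code = int(fields["failure_code"], 16)
    fields["reason"] = FAILURE_CODES.get(code, "unmapped failure code")
    return fields


def failures_by_client(lines):
    """Count parsed 675 failures per (client address, user name)."""
    counts = Counter()
    for line in lines:
        event = parse_event_675(line)
        if event:
            counts[(event["client"], event["user"])] += 1
    return counts


if __name__ == "__main__":
    print(parse_event_675(SAMPLE))
```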
History
#1 Updated by over 16 years ago
- Status changed from New to Assigned
#2 Updated by Yoann VANDOORSELAERE over 14 years ago
- Project changed from PRELUDE SIEM to Prelude-LML
- Category deleted (4)
- Target version deleted (93)
#3 Updated by Yoann VANDOORSELAERE over 14 years ago
- Target version set to 0.9.15
#4 Updated by Jean-Charles ROGEZ about 10 years ago
- Assignee deleted (59)
- Target version changed from 0.9.15 to 121
#5 Updated by Thomas ANDREJAK almost 8 years ago
- Target version changed from 121 to Prelude OSS 3.0.0
#6 Updated by Thomas ANDREJAK over 7 years ago
- Target version changed from Prelude OSS 3.0.0 to Prelude OSS 3.1.0
#7 Updated by Thomas ANDREJAK about 7 years ago
- Status changed from Assigned to New
- Target version changed from Prelude OSS 3.1.0 to Prelude OSS 4.0.0
#8 Updated by Thomas ANDREJAK about 6 years ago
- Target version changed from Prelude OSS 4.0.0 to Prelude OSS 4.1.0