Bug #343
Updated by Antoine LUONG about 8 years ago
Example: the IDMEF alerts for both of these logs
<pre>
[[WinEvtLog]]: Security: AUDIT_SUCCESS(673): Security: SYSTEM: NT AUTHORITY: SERVER: user@DOMAIN DOMAIN PC$ %{SOMERANDOMUIDHERE} 0x40810010 0x17 10.10.10.10 - {SOMEOTHERUID} -
[[WinEvtLog]]: Security: AUDIT_FAILURE(673): Security: SYSTEM: NT AUTHORITY: SERVER: - 0x2 - 10.10.10.10 0x20 - -
</pre>
have assessment.impact.completion = succeeded
See also: http://marc.info/?t=123274084100006&r=1&w=2
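A check for the mismatch reported above, as an added example that is not part of the original report or the project's own code: it parses the `WinEvtLog` header of each line and derives the IDMEF completion from the audit outcome. The mapping of `AUDIT_FAILURE` to `failed` is an assumption about the expected behaviour, and the names `classify` and `mislabelled` are hypothetical.

```python
import re

# Sample lines copied from the report above (placeholders as they appear there).
SAMPLE_LOGS = [
    "[[WinEvtLog]]: Security: AUDIT_SUCCESS(673): Security: SYSTEM: NT AUTHORITY: "
    "SERVER: user@DOMAIN DOMAIN PC$ %{SOMERANDOMUIDHERE} 0x40810010 0x17 "
    "10.10.10.10 - {SOMEOTHERUID} -",
    "[[WinEvtLog]]: Security: AUDIT_FAILURE(673): Security: SYSTEM: NT AUTHORITY: "
    "SERVER: - 0x2 - 10.10.10.10 0x20 - -",
]

# Header layout: WinEvtLog: <channel>: <OUTCOME>(<event id>): <rest>
# The optional brackets accept the "[[WinEvtLog]]" form shown in the report.
HEADER = re.compile(
    r"^\[*WinEvtLog\]*:\s+(?P<channel>[^:]+):\s+"
    r"(?P<outcome>[A-Z_]+)\((?P<event_id>\d+)\):\s+(?P<rest>.*)$"
)

# Assumed mapping from audit outcome to IDMEF assessment.impact.completion.
COMPLETION = {"AUDIT_SUCCESS": "succeeded", "AUDIT_FAILURE": "failed"}


def classify(line):
    """Parse one log line; return None if it is not a WinEvtLog record."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    outcome = m.group("outcome")
    return {
        "channel": m.group("channel"),
        "event_id": int(m.group("event_id")),
        "outcome": outcome,
        # None for outcomes that carry no success/failure meaning.
        "completion": COMPLETION.get(outcome),
    }


def mislabelled(lines, reported_completion="succeeded"):
    """Return parsed records whose derived completion differs from the reported one."""
    records = (classify(line) for line in lines)
    return [
        r for r in records
        if r and r["completion"] is not None and r["completion"] != reported_completion
    ]


if __name__ == "__main__":
    for record in mislabelled(SAMPLE_LOGS):
        print(record["outcome"], record["event_id"], "->", record["completion"])
```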