The most recent content from our members.
it would be nice to have a report over the AD attributs LastBadPasswordAttempt, BadLogonCount and logonCount. LastBadPasswordAttempt is the timestamp which says when the last wrong password attempt is made. BadLogonCount is the amount of bad logons. logonCount is the amount of all good logons.
I have a simple list of users with their authorized hosts User A; Host A User B; Host B ..... I am trying to build a rule where in an ideal scenario and email would be fired upon the following scenario: User A logs with his Windows credentials to the PC of User B. I understand maybe this can be done with combining two or…
When techs login to the helpdesk it seems to take a really long time. I'm talking upwards of 30+ seconds just to login. Once you're in the application everything is smooth and things process quickly. Are there are temp tables I need to dump, or things I can tune to get logins to a reasonable state? For what it's worth, I'm…
Description If your Oracle database is configured for auditing, this alert will monitor for logon failures. It runs once every hour and looks for logon failures from the last hour. ALERT DEFINITION To create the alert, click on Alerts > Manage Alerts tab and create a Custom Alert of type Custom SQL Alert - Single Numeric…
Good afternoon, I logged into my LEM this morning and had over 500 alerts in my email for Domain ANONYMOUS LOGON by. This triggers a 'domain modification' rule that I have set. I have the rule set as follows: auditable events (all).source account NOT EQUAL to admin accounts, admin groups or $ I'm just wondering if this is…
It would be nice if Serv-U had an option to logon to HTTP/HTTPS using the current windows authentication credentials. Seems like a good option to add under 'Limits & Settings' and control it by server or per domain. Alternatively, you could add a checkbox below the username/password prompt to "Use Windows Credentials"…
Hi folks, Im very very new in LEM, I started to work with this SIEM this week and my boss tell me to conduct a demo with a customer next week. So, i did configured an Cisco ASA connector and active response, initatite a Scan attack with Metasploit and Nmap, did a correlation rule for TCP traffic and the LEM shuns the…
So I'm trying to determine how many times a user has interactively logged in over the past couple weeks but when I use nDepth to show all "machinelogons" and "userlogons" for this user I just get a few thousand "logontype: windows: network" , "logontype: windows: network cleartype logon" , and "logontype: (blank space)". I…
I was able to log in as myself (Admin person) and create an account/view etc.. and then log out and back in as my test account that was set up to reflect the new account status.. I can no longer do that.. I try to log out and it takes me back to my home page.. any ideas?
I have set up a restricted view for the leadership in my organization so that they have a high-level overview of everything they need to see. The page is then "embeded" into a Sharepoint page (think frames or importing external webparts), since they would like to be able to see the information through our current…
It looks like you're new here. Sign in or register to get started.