0 Replies Latest reply on Jul 30, 2019 3:42 PM by jnink

    UserLogon / UserLogoff spam

    jnink

      I have been making an effort to get our LEM/SEM logs in order so we can start shaping and alerting on the information it is giving us. One problem I have run into is that we are getting a huge number of UserLogon and UserLogoff events under both "Local Account Authentication/Changes" and "User Logons" under "Authentication". I will see 3 or 4 copies of the same log hit SEM for the same user on the same remote server, with the only difference ever being a slight change between DestinationLogonID. I will attach a redacted example of a logon and logoff to this thread as an example.

      How do you all deal with the constant logon/logoff events while still staying PCI or HIPAA compliant?