Example SIEM Rules - 19

  • Raise an alarm if L2L - Event ID - 4625 - An account failed to log on. is triggered and the Status\Sub-Status Code is 0xC0000070 - User logon from unauthorized workstation.
  • Raise an alarm if L2L - Event ID - 4625 - An account failed to log on. is triggered and the Status\Sub-Status Code is 0xC0000413 - Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine.
  • Raise an alarm if L2L - Event ID - 4625 - An account failed to log on. is triggered and the Status\Sub-Status Code is 0xC000015B - The user has not been granted the requested logon type (aka logon right) at this machine.
  • Raise an alarm if L2L - Event ID - 4625 - An account failed to log on. is triggered and the Status\Sub-Status Code is 0xC0000193 - User logon with expired account.
  • Raise an alarm if L2L - Event ID - 5148 - The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. is triggered.
  • Raise an alarm if L2L - Event ID - 6423 - The installation of this device is forbidden by system policy. is triggered.
  • Raise an alarm if L2L - Event ID - 4782 - The password hash of an account was accessed. is triggered.
  • Raise an alarm if L2L - Event ID - 4949 - Windows Firewall settings were restored to the default values. is triggered.
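The rules above expressed as detection logic, as an added example that is not part of the original post: the 4625 rules match on the Sub-Status field (with the hex code compared case-insensitively, since logs and rule text mix 0xC and 0XC), while the remaining rules fire on the event ID alone. The event dicts and their field names (EventID, Status, SubStatus, TargetUserName, IpAddress) are an assumed normalised form of the event XML; the sample events are constructed.

```python
"""Added example: evaluate the 4625 sub-status rules and single-event rules above."""
# 4625 rules: alarm only when the Sub-Status (not the Status) field matches.
SUBSTATUS_RULES = {
    0xC0000070: "User logon from unauthorized workstation",
    0xC0000413: "Logon blocked by authentication firewall",
    0xC000015B: "Requested logon type not granted at this machine",
    0xC0000193: "User logon with expired account",
}
# Rules that fire on the event ID alone.
EVENT_ID_RULES = {
    5148: "WFP detected a DoS attack and entered defensive mode",
    6423: "Device installation forbidden by system policy",
    4782: "Password hash of an account was accessed",
    4949: "Windows Firewall settings restored to default values",
}

def parse_hex(value):
    """Normalise '0xC0000070', '0XC0000070' or '0xc0000070' to an int; None if malformed."""
    try:
        return int(value, 16)
    except (TypeError, ValueError):
        return None

def evaluate(event):
    """Return (event_id, rule_text, account, source) for one event dict, or None."""
    eid = event.get("EventID")
    if eid == 4625:
        rule = SUBSTATUS_RULES.get(parse_hex(event.get("SubStatus")))
    else:
        rule = EVENT_ID_RULES.get(eid)
    if rule is None:
        return None
    return (eid, rule, event.get("TargetUserName", "-"), event.get("IpAddress", "-"))

def run(events):
    """Evaluate a stream of events and return the list of alarms raised."""
    return [a for a in map(evaluate, events) if a is not None]

# Constructed sample events (assumed field names; values are made up, not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 4625, "Status": "0xC000006D", "SubStatus": "0xC0000070", "TargetUserName": "jdoe", "IpAddress": "10.0.0.5"},
    {"EventID": 4625, "Status": "0xC000006D", "SubStatus": "0xC000006A", "TargetUserName": "jdoe", "IpAddress": "10.0.0.5"},
    {"EventID": 4625, "Status": "0XC0000413", "SubStatus": "0XC0000413", "TargetUserName": "svc", "IpAddress": "10.0.0.9"},
    {"EventID": 4782, "TargetUserName": "Administrator"},
    {"EventID": 4624, "TargetUserName": "jdoe"},
]
```

The second sample 4625 carries a sub-status not listed in the rules and so raises nothing; in production the alarms list would feed the SIEM's alerting step, with the account and source address kept for triage.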
Author

EAE
