Hi Team,

The rule "Insecure Or Cleartext Authentication Detected" detects when Logon type "8" is seen in Windows logs.

As per Splunk: Detects authentication requests that transmit the password over the network as cleartext (unencrypted)
https://docs.splunksecurityessentials.com/content-detail/insecure_or_cleartext_authentication_detected/

As per Windows: The credentials do not traverse the network in plaintext (also called cleartext).
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4624

Could you please let us know why there is this difference in the descriptions? This is creating some challenges in understanding the logs. Can someone help with this?