cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
thomasbchurch
New Member
Member since: ‎09-25-2017
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-25-2017
View All

Re: How to audit security logs to find password co...

by in Security
‎09-26-2017 10:29 AM
‎09-26-2017 10:29 AM
That worked thank you! The only issue im running into now is we have alot of system noise that has account names that show up as"-" frequently as 4624's. I can do search NOT Account_Name=- or where Account_Name != "-" however this removes any search with - in it. is there a way to have - removed from just 4624's using the search above? ... View more

How to audit security logs to find password compro...

by in Security
‎09-25-2017 12:52 PM
‎09-25-2017 12:52 PM
We audit the security logs looking for password compromises. A user will put the password in as the username and result in a 4625. The user will then log in within minutes on the same machine and show a 4624. We then have the user name and the password. We currently use the below command. This show us the password comprimise and the workstation name. I am trying to figure out how to add a line to show the 4624's within a 120 seconds of a failed log on. 4625 | stats count by Account_Name, Workstation_Name | sort - Account_Name ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM