Honestly, I'm not a net security professional or anything, I just find this interesting. Thanks for the videos!
Need more videos like this
We are glad you enjoyed it!
Please make more videos about event logs
What if I want to do daily hunt for failed login activity for my organization:
1. Will such hunt be useful?
2. What event log do I need in addition to 4625, 4776? Maybe also 4771?
3. What do I need to look in?
Today I just look for the following:
- multiple failed logins for one user
- failed logins multiple users from one source
- failed logins multiple users that do not exist
- failed logins where reason is locked out users
- logon type 4 - scheduled tasks failed logins
- logon type 5 - service failed logins
- logon type 10 - RDP failed logins
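
The checks listed in the comment above, as an added example that is not part of the original thread: it groups 4625 records by each criterion. It assumes the events are already exported and parsed into dicts keyed by the 4625 EventData field names; the sample records, the thresholds and the `ev`/`hunt` helper names are constructed for illustration.

```python
from collections import defaultdict

NO_SUCH_USER, LOCKED_OUT = 0xC0000064, 0xC0000234      # 4625 SubStatus values
WATCHED_TYPES = {4: "batch", 5: "service", 10: "rdp"}  # LogonType values from the list

def ev(user, ip, ltype, sub="0xC000006A"):             # default SubStatus: bad password
    return {"TargetUserName": user, "IpAddress": ip, "LogonType": ltype, "SubStatus": sub}

# Constructed sample data, not real logs.
EVENTS = [
    ev("alice", "10.0.0.5", 3), ev("Alice", "10.0.0.5", 3), ev("alice", "10.0.0.5", 3),
    ev("admin1", "10.0.0.9", 3, "0xC0000064"), ev("test", "10.0.0.9", 3, "0xc0000064"),
    ev("backup", "10.0.0.9", 3, "0xC0000064"),
    ev("bob", "10.0.0.7", 10, "0xC0000234"),
    ev("svc_sql", "-", 5), ev("task_user", "-", 4),
]

def hunt(events, per_user=3, users_per_source=3):
    """Group 4625 records by the listed criteria; both thresholds are assumptions."""
    fails = defaultdict(int)
    by_src = defaultdict(set)
    missing, locked = set(), set()
    by_type = defaultdict(set)
    for e in events:
        user = e["TargetUserName"].lower()   # account names are case-insensitive
        sub = int(e["SubStatus"], 16)        # tolerates 0xc... and 0xC... spellings
        fails[user] += 1
        if e["IpAddress"] not in ("-", ""):  # "-" means no source address was recorded
            by_src[e["IpAddress"]].add(user)
        if sub == NO_SUCH_USER:
            missing.add(user)
        if sub == LOCKED_OUT:
            locked.add(user)
        if e["LogonType"] in WATCHED_TYPES:
            by_type[WATCHED_TYPES[e["LogonType"]]].add(user)
    return {
        "repeated_user": {u: n for u, n in fails.items() if n >= per_user},
        "many_users_one_source": {s: sorted(u) for s, u in by_src.items()
                                  if len(u) >= users_per_source},
        "nonexistent_users": sorted(missing),
        "locked_out": sorted(locked),
        "by_logon_type": {t: sorted(u) for t, u in by_type.items()},
    }

if __name__ == "__main__":
    for name, hits in hunt(EVENTS).items():
        print(name, hits)
```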