hayabusa/rules/timeline-rules/Logons/4625-Logon-Failure.yml
Tanaka Zakku bad4429ad0 Rule tuning
2021-11-18 10:31:28 +09:00


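# Timeline rule: records every failed logon (Security event 4625,
# "An account failed to log on") so it appears in the generated timeline.
title: Logon Failure
description: Prints logon information
author: Zach Mathis
# A single failed logon is routine, hence "low". This rule has no filter or
# threshold, so password guessing or spraying only becomes visible when the
# resulting rows are aggregated (e.g. by IpAddress or TargetUserName).
level: low
detection:
  # Nesting restored: the field conditions must sit under `selection`, and
  # `selection` under `detection`. Flattened to column 0, `detection` parses
  # as null and the conditions become unrelated top-level keys.
  selection:
    Channel: Security
    EventID: 4625
falsepositives:
  - normal system usage
# %Name% placeholders are filled from the matched event.
# NOTE(review): `Workstation` is presumably resolved through the tool's
# event-key alias mapping (the raw 4625 field is WorkstationName) - confirm.
# Reading the row:
#   LogonType  2 = interactive, 3 = network, 10 = remote interactive (RDP)
#   SubStatus  0xC0000064 = unknown user, 0xC000006A = bad password,
#              0xC0000234 = account locked out, 0xC0000072 = account disabled
#   IpAddress  is often "-" for local logons.
# TargetUserName and Workstation are supplied by the client attempting the
# logon; treat them as untrusted text when the output is rendered elsewhere.
output: 'User: %TargetUserName% : Type: %LogonType% : Workstation: %Workstation% : IP Address: %IpAddress% : SubStatus: %SubStatus% : AuthPackage: %AuthenticationPackageName%'
creation_date: 2021/11/17
updated_date: 2021/11/17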