HIDS 59334

From Atomicorp Wiki
Jump to: navigation, search
Rule 1
Status Active
Alert Message Windows audit failure event


[edit] Description

Multime attempts to access an audited object by the same user. 10 times in 240 seconds.

[edit] What you should do

This means a user has attempted to access an auditing object multiple times and failed. It could indicate an attack, IOC, or a misconfigured application.

[edit] Troubleshooting

[edit] False Positives

There are no false positives with this rule.

[edit] Tuning Guidance

There is no guidance for tuning this rule, this is a generic Windows error and the rule should not be disabled.

[edit] Additional Information

[edit] Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

[edit] Similar Rules


[edit] Knowledge Base Articles


[edit] Outside References


[edit] Notes

Personal tools