Difference between revisions of "HIDS 59300"
From Atomicorp Wiki
(Created page with "{{Infobox |header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Windows audit failure event }} = Description = IIS NetworkCleartext Logon su...") |
Latest revision as of 11:07, 22 October 2020
Rule 1 | |
---|---|
Status | Active |
Alert Message | Windows audit failure event |
Contents |
[edit] Description
IIS NetworkCleartext Logon success.
[edit] What you should do
This means something is sending valid user credentials in cleartext (un-encrypted) over the network. This could be exposing valid user credentials to an attacker with network access between hosts (open wireless networks, ISP's, etc). Investigate this connection and/or application to determine if it can be re-implemented.
[edit] Troubleshooting
[edit] False Positives
There are no false positives with this rule.
[edit] Tuning Guidance
There is no guidance for tuning this rule, this is a generic Windows error and the rule should not be disabled.
[edit] Additional Information
[edit] Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.