HIDS 59300

From Atomicorp Wiki
Revision as of 11:07, 22 October 2020 by Scott (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 1
Status Active
Alert Message Windows audit failure event

Contents

[edit] Description

IIS NetworkCleartext Logon success.

[edit] What you should do

This means something is sending valid user credentials in cleartext (un-encrypted) over the network. This could be exposing valid user credentials to an attacker with network access between hosts (open wireless networks, ISP's, etc). Investigate this connection and/or application to determine if it can be re-implemented.

[edit] Troubleshooting

[edit] False Positives

There are no false positives with this rule.

[edit] Tuning Guidance

There is no guidance for tuning this rule, this is a generic Windows error and the rule should not be disabled.

[edit] Additional Information

[edit] Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

[edit] Notes

Personal tools