HIDS 59300

From Atomicorp Wiki
Jump to: navigation, search
Rule 1
Status Active
Alert Message Windows audit failure event

Contents

Description

IIS NetworkCleartext Logon success.

What you should do

This means something is sending valid user credentials in cleartext (un-encrypted) over the network. This could be exposing valid user credentials to an attacker with network access between hosts (open wireless networks, ISP's, etc). Investigate this connection and/or application to determine if it can be re-implemented.

Troubleshooting

False Positives

There are no false positives with this rule.

Tuning Guidance

There is no guidance for tuning this rule, this is a generic Windows error and the rule should not be disabled.

Additional Information

Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

Personal tools