|Alert Message||Windows audit failure event|
Composite IDS rule indicating multiple system error messages have been reported by windows. It is typically a generic catch all for multiple recurrences of the same error message
What you should do
This means something is wrong with an application/applications on the windows system. Investigate the application(s) reporting this message to identify the cause.
There are no false positives with this rule.
There is no guidance for tuning this rule, this is a generic Windows error and the rule should not be disabled.
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
Knowledge Base Articles