Value of logging Type 3 logons
Posted 5/13/2019 2:02:34 PM
Forum Newbie

Group: Forum Members
Last Login: 5/13/2019 1:54:55 PM
Posts: 1, Visits: 0
Curious whether folks log all type 3 (network) logons for SIEM? In our environment (6,000 users) this can generate hundreds of millions of "events" per day, mostly due to a handful of service accounts that are constantly "authenticating" (SIEM, NAC, Asset Inventory, Health Status, etc).

Post #8562
Posted 6/24/2019 2:59:39 PM
Supreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237, Visits: 0
Network logons can indicate lateral movement and should be logged. I would start by filtering out type 3 logons of those noisy service accounts.
Post #8577
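
One way to apply the filtering suggested in the reply above, as an added example that is not part of the original thread. It goes one step beyond the reply by dropping a service account's type 3 logon (event 4624) only when it also comes from that account's usual source address, so the same account appearing from a new host is still forwarded; the account names, addresses and sample events are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumed allowlist: noisy service account -> source addresses it normally logs on from.
EXPECTED_SOURCES = {
    "svc_siem": {"10.0.5.10"},
    "svc_nac": {"10.0.5.20", "10.0.5.21"},
}

def parse_event(xml_text):
    """Return the EventID and EventData name/value pairs of one event record."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): d.text or "" for d in root.findall("e:EventData/e:Data", NS)}
    fields["EventID"] = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    return fields

def is_expected_noise(ev):
    """True only for a type 3 logon by an allowlisted account from its usual source."""
    if ev["EventID"] != "4624" or ev.get("LogonType") != "3":
        return False
    sources = EXPECTED_SOURCES.get(ev.get("TargetUserName", "").lower(), set())
    return ev.get("IpAddress") in sources

def filter_events(xml_events):
    """Split events into those to forward and a per-account count of dropped ones."""
    forwarded, dropped = [], Counter()
    for ev in map(parse_event, xml_events):
        if is_expected_noise(ev):
            dropped[ev["TargetUserName"].lower()] += 1
        else:
            forwarded.append(ev)
    return forwarded, dropped

def sample_event(logon_type, user, ip):
    """Build a constructed 4624 record in the Windows event XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4624</EventID></System>'
            f'<EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

SAMPLES = [  # constructed sample data
    sample_event(3, "svc_siem", "10.0.5.10"),   # expected noise: dropped
    sample_event(3, "svc_siem", "10.0.9.77"),   # same account, unusual source: kept
    sample_event(3, "jdoe", "10.0.9.77"),       # ordinary user: kept
    sample_event(10, "svc_nac", "10.0.5.20"),   # not type 3: kept
]
```

Forwarding the per-account dropped counts as a periodic summary keeps a sudden change in a service account's logon volume visible without the raw events.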
All times are GMT -5:00