@eddiejennings said in Logging Domain user authentication failures:

@travisdh1 said in Logging Domain user authentication failures:

@eddiejennings No OSSEC, Wazuh, or some other security monitoring available? All of them monitor logins by default that I've looked at. Should be easy to customize a report for whatever you need.

I haven't had to set this up in a Windows environment yet, so I'm also curious as to what you end up doing.

We do have ExtraHop; however, it's not capturing all the traffic it should (and another team is in charge of its configuration), so using auditing on the domain controllers is a bit of a stop-gap measure.

Ah. What an ..... effective use of resources.

Good luck, ExtraHop is very nice, but like every other tool, it's useless untill deployed properly.