@eddiejennings said in Logging Domain user authentication failures:
@travisdh1 said in Logging Domain user authentication failures:
@eddiejennings No OSSEC, Wazuh, or some other security monitoring available? All of them monitor logins by default that I've looked at. Should be easy to customize a report for whatever you need.
I haven't had to set this up in a Windows environment yet, so I'm also curious as to what you end up doing.
We do have ExtraHop; however, it's not capturing all the traffic it should (and another team is in charge of its configuration), so using auditing on the domain controllers is a bit of a stop-gap measure.
Ah. What an ..... effective use of resources.
Good luck, ExtraHop is very nice, but like every other tool, it's useless untill deployed properly.