@eddiejennings said in Logging Domain user authentication failures: @travisdh1 said in Logging Domain user authentication failures: @eddiejennings No OSSEC, Wazuh, or some other security monitoring available? All of them monitor logins by default that I've looked at. Should be easy to customize a report for whatever you need. I haven't had to set this up in a Windows environment yet, so I'm also curious as to what you end up doing. We do have ExtraHop; however, it's not capturing all the traffic it should (and another team is in charge of its configuration), so using auditing on the domain controllers is a bit of a stop-gap measure. Ah. What an ..... effective use of resources. Good luck, ExtraHop is very nice, but like every other tool, it's useless untill deployed properly.