Added alert for the login failure due to password expire #569

hardikhdholariya
Contributor

No description provided.

| `drop_dm_object_name(Authentication)` \
| search NOT EventCode IN (4768, 4771) OR NOT Result_Code IN ("0x17") \
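
Review bot: on the `search NOT EventCode IN (4768, 4771) OR NOT Result_Code IN ("0x17")` line, the two negated clauses joined with OR only exclude events that match both conditions, so the intent is easier to read when written as `NOT (EventCode IN (4768, 4771) AND Result_Code IN ("0x17"))`. The filter also runs after `drop_dm_object_name(Authentication)`, so it is worth confirming that EventCode and Result_Code are still available at that point in the search, and a short comment naming the failure that 0x17 represents would help whoever maintains this macro next.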
Collaborator

@mahirchavda - Shall we keep the EventCode filtering?

Collaborator

@mahirchavda mahirchavda May 31, 2024

No need to use EventCode. We have error_code field in the Authentication datamodel that we can use directly.

@hardikhdholariya Please check if error_code is extracted for this event or not. If not, we can just add one extraction and update the cs_bruteforce_from_user_additional_filter and cs_bruteforce_from_source_additional_filter macros.

I think the signature-related field would have EventID info if needed.

@hardikhdholariya hardikhdholariya merged commit d7ec854 into master Jun 4, 2024
1 check passed
@hardikhdholariya hardikhdholariya deleted the add-alert-for-the-login-failure-due-to-password-expired branch June 4, 2024 09:05