The customer would like to know if DDI 3.5 records the account information when the following rules are triggered:
- RuleID 15 OTHERS Medium Many unsuccessful logon attempts
- RuleID 38 OTHERS Low Multiple unsuccessful logon attempts
No, DDI records the account information for successful logins only. By design, DDI will not catch the account information of a failed login attempt.
For example, domain\user1 successfully logs in to the Active Directory machine, but domain\user2 fails and instead triggers rule 15 or 38. DDI logs will record domain\user1 but not domain\user2.