Trend Micro - Securing Your Journey to the Cloud Business
Support
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Record of accounts that failed to log in to the Active Directory machine in Deep Discovery Inspector (DDI)

    • Updated:
    • 24 Nov 2016
    • Product/Version:
    • Deep Discovery Inspector 3.5
    • Deep Discovery Inspector 3.6
    • Deep Discovery Inspector 3.7
    • Deep Discovery Inspector 3.8
    • Platform:
    • N/A N/A
Summary

The customer would like to know if  DDI 3.5 records the account information when the following rules are triggered:

  • RuleID 15 OTHERS  Medium Many unsuccessful logon attempts
  • RuleID 38 OTHERS  Low Multiple unsuccessful logon attempts
Details
Public

No, DDI records the account information for successful logins only. By design, DDI will not catch the account information of a failed login attempt.

For example, domain\user1 successfully logs in to the Active Directory machine, but domain\user2 fails and instead triggers rule 15 or 38. DDI logs will record domain\user1 but not domain\user2.

Premium
Internal
Rating:
Category:
SPEC
Solution Id:
1104117
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles