Find passwords in User_Name field

This eval for password can be easily used for any field where a user can accidentally type in a password or even worse both username/password during login which generates a failed event.   Below example is for Windows failed login.  The eval will match 10 or more characters with 1 uppercase, 1 lower case, 1 digit and 1 special character.  This search also assumes you have the “User_Name” field being extracted from windows event logs.  Adjust as needed.

Share This:
Tagged:

Leave A Comment?