Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Failed Logins Windows

WinEventLog:Security

Description

Submitted by SplunkNinja

Splunk query for all failed logon attempts within a windows environment.
2 3 
sourcetype="WinEventLog:Security" ("EventCode=4625") OR ("EventCode=529" OR "EventCode=530" OR "EventCode=531" OR "EventCode=532" OR "EventCode=533" OR "EventCode=534" OR "EventCode=535" OR "EventCode=536" OR "EventCode=537" OR "EventCode=539")

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom