Medium


Active Directory - Account Locked Out

Azure Blob Rclone Sync Errors

Carbon Black Active Threat Detected

Ceph Scrub Errors

Fortigate FG-IR-22-398 Detection

High Security Group Membership Change

Read Only File System

Performance - Applications crashing

Reliability - License Manager errors

Reliability - Service Errors

Security - Authentication errors

  • Office 365 - More than 100 Messages Purged Per Day

requestClientApplication Action ViaProxy

requestClientApplication Mozilla/5.0 (Windows NT 10.0 Win64 x64)

  • Office 365 - Admin Commands Run by User

  • Office 365 - New Country Activity

Windows - User high failed login count

Certificate Services loaded default configuration

Office 365 - New User Created

Reliability - Network Drive access denied

Syslog Log level 2 alert

Scan Failed

SSH Server Login Event -

  • Sensitive Privilege Use

  • Severity:ERROR AND Channel:Security AND Category:File System

Active Directory - Unexpected Shutdown

Fortigate Firewall SSL VPN Disconnection

General account database changed

Performance - Terminal Server remote desktop login errors

Quality of Service Policy changed

Aggregating count() by Channel, level, EventType Error

Level 2 Severity Errors

Performance - Scheduled Task errors

Performance - SQL server errors

Reliability - License Manager errors

Reliability - Network drive disconnect errors

Reliability - Settings Sync not configured properly

Reliability - Temporary Profile Errors

Security - Authentication errors

Security - Permissions errors

Security - Ransomware vulnerability

Security - Windows Updates missing

  • Office 365 - Impossible Travel

  • Office 365 - Suspicious email Detected

Firewall - Credit Card Numbers Detected

Firewall - Network Trojan Detected

Firewall - Social Security Numbers Detected

  • Remote Interactive Logons

A configuration entry changed in OCSP Responder Service

A configuration entry changed in OCSP Responder Service

A group’s type was changed.

A new trust was created to a domain.

A property of Certificate Services changed.

A security-disabled group was deleted

A security-enabled global group was changed.

A security-enabled global group was created.

A security-enabled local group was changed.

A security-enabled universal group was changed.

A security-enabled universal group was created.

A trusted forest information entry was added.

A trusted forest information entry was modified.

A trusted forest information entry was removed.

Action on Malware Failed

Administrator recovered system from CrashOnAuditFail. Users who are not administrators will now be allowed to log on. Some auditable activity might not have been recorded.

An attempt to automatically restart conversion on volume 2 failed.

An attempt was made to reset an account’s password.

An error was encountered converting volume

An IPsec Extended Mode negotiation failed. The corresponding Main Mode security association has been deleted.

An IPsec Extended Mode negotiation failed. The corresponding Main Mode security association has been deleted.

An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started.

App Crash

App Hang

AppLocker Warning

Auditing settings on object were changed.

Backup of data protection master key was attempted.

BSOD

CA Permissions Corrupted or Missing

Certificate Services revoked a certificate.

Code Integrity Check

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

Create Profile failed

Credential Manager credentials were backed up.

Credential Manager credentials were restored from a backup.

Detected Malware

Domain Policy was changed.

During Extended Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.

During Main Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.

During Quick Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.

Encrypted data recovery policy was changed.

Failed Kernel Driver Loading

Failed to remove item from quarantine

Failed to update engine

Failed to update signatures

Firewall Failed to load Group Policy

Generic Internal Error

Group Policy Application Failed due to Connectivity

Internal Error

IPsec dropped an inbound clear text packet that should have been secured. This is usually due to the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt.

IPsec dropped an inbound packet that failed a replay check. If this problem persists, it could indicate a replay attack against this computer.

IPsec dropped an inbound packet that failed a replay check. The inbound packet had too low a sequence number to ensure it was not a replay.

IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified in transit to this computer. Verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations.

IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI). This is usually caused by malfunctioning hardware that is corrupting packets. If these errors persist, verify that the packets sent from the remote computer are the same as those received by this computer. This error may also indicate interoperability problems with other IPsec implementations. In that case, if connectivity is not impeded, then these events can be ignored.

IPsec Services failed to get the complete list of network interfaces on the computer. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.

IPsec Services failed to initialize RPC server. IPsec Services could not be started.

IPsec Services failed to process some IPsec filters on a plug-and-play event for network interfaces. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.

IPsec Services has experienced a critical failure and has been shut down. The shutdown of IPsec Services can put the computer at greater risk of network attack or expose the computer to potential security risks.

Kerberos policy was changed.

Malware Removal Fatal Error

Metadata rebuild: An attempt to write a copy of metadata on volume 2 failed and may appear as disk corruption. If failures continue, decrypt volume.

Metadata write: Volume 2 returning errors while trying to modify metadata. If failures continue, decrypt volume

Network Policy Server denied access to a user.

Network Policy Server discarded the accounting request for a user.

Network Policy Server discarded the request for a user.

Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.

Network Policy Server granted full access to a user because the host met the defined health policy.

Network Policy Server locked the user account due to repeated failed authentication attempts.

Network Policy Server quarantined a user.

Network Policy Server unlocked the user account.

OCSP Responder Service Started

OCSP Responder Service Stopped

Office 365 - Activity Outside USA

Office 365 - Owner Added to Group

One or more errors occurred while processing security policy in the Group Policy objects.

One or more rows have been deleted from the certificate database.

Per User Audit Policy was changed.

Possible denial-of-service (DoS) attack

RADIUS User assigned IP

RADIUS User Authenticated

RADIUS User Disconnected

Recovery of data protection master key was attempted.

RPC detected an integrity violation while decrypting an incoming message.

Service Start Failure

Shutdown Initiate Failed

SIDs were filtered.

Special Groups Logon table modified.

SRP Block

Temp Profile Logon

The ACL was set on accounts which are members of administrators groups.

The audit filter for Certificate Services changed.

The audit log was cleared

The audit policy (SACL) on an object was changed.

The certificate manager denied a pending certificate request.

The certificate manager settings for Certificate Services changed.

The CrashOnAuditFail value has changed.

The security permissions for Certificate Services changed.

The Windows Firewall Driver detected critical runtime error. Terminating.

The Windows Firewall Driver failed to start.

The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.

The Windows Firewall Service failed to start.

The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.

The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.

Threat Intelligence Alert - Source IP Threat Indicated

Trusted domain information was modified.

Unexpected Error

Windows Service Fails or Crashes

Windows Update Failed

  • Server Admin Logon

  • Office 365 - Login from Risky Anonymous IP Detected

  • Office 365 - Mailbox Forwarding Rules Created

  • Office 365 - Malware Detected in Email

  • Office 365 - Users Added to Groups

  • Office 365 - Users Granting 3rd Party Access

  • Proxmox - ceph osd shutdown alert

  • Proxmox Backup to Azure via Rclone

  • Puppet Cert Request

  • RDP Detected on Non-Standard Port

SIEM High Rest API usage

Threat Intelligence Alert - Destination IP Threat Indicated

Last modified January 10, 2024