Source: Live Communications Server
There were <value> unauthorized messages in the last <value> minutes. The last one had the FROM header: sip:<email address>.
From a newsgroup post: "When a user logs in, for the first time the request he sends to the server is not authenticated. The server sends a SIP challenge response to which the client provides the right credentials and establishes a secure connection with the server. There is currently no good way to distinguish between the first unauthenticated request sent by a regular good client and requests sent by an unauthenticated rogue client trying to attack the server. This event log just says how many unauthenticated requests the server received in the last <value> minutes. In proper deployments these are benign event logs generated by regular clients. But in the case of some kind of attack, these event logs will give a hint of what is happening in the network."
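Because the count alone cannot separate first-login challenges from rogue requests, the usable signal is a departure from the site's normal rate. The following is an added example (not part of the EventID.Net page or the newsgroup post) that parses the event text shown above and compares it with a baseline of earlier events; the function names, the tuning values `k` and `floor`, and the sample messages are assumptions constructed for illustration.

```python
import re
from statistics import median

# Message template as shown on this page; the server fills in the values.
EVENT_RE = re.compile(
    r"There were (\d+) unauthorized messages in the last (\d+) minutes\. "
    r"The last one had the FROM header: (sip:\S+?)\.?$"
)

def parse_event(message):
    """Return (count, minutes, from_uri), or None if the text is not this event."""
    m = EVENT_RE.search(message.strip())
    return (int(m.group(1)), int(m.group(2)), m.group(3)) if m else None

def rate_per_minute(message):
    """Normalise the count to requests per minute so different windows compare."""
    parsed = parse_event(message)
    if parsed is None or parsed[1] == 0:
        return None
    return parsed[0] / parsed[1]

def triage(history, current, k=5.0, floor=0.5):
    """Flag the current event when its rate exceeds median + k * MAD of history.

    k and floor are assumed tuning values; floor stops a very quiet baseline
    (MAD near zero) from flagging ordinary login bursts.
    """
    rates = [r for r in map(rate_per_minute, history) if r is not None]
    cur = rate_per_minute(current)
    if cur is None or len(rates) < 3:
        return {"verdict": "insufficient-data", "rate": cur}
    base = median(rates)
    mad = median(abs(r - base) for r in rates)
    threshold = base + k * max(mad, floor)
    return {
        "verdict": "investigate" if cur > threshold else "expected",
        "rate": cur, "baseline": base, "threshold": threshold,
        "last_from": parse_event(current)[2],
    }

# Constructed sample events (not real log data).
TEMPLATE = ("There were {} unauthorized messages in the last {} minutes. "
            "The last one had the FROM header: sip:{}.")
HISTORY = [TEMPLATE.format(n, 10, "user@example.test") for n in (12, 15, 9, 14, 11)]
QUIET = TEMPLATE.format(13, 10, "user@example.test")
SPIKE = TEMPLATE.format(4800, 10, "unknown@example.invalid")

if __name__ == "__main__":
    for event in (QUIET, SPIKE):
        print(triage(HISTORY, event))
```

The FROM header in the event is only that of the last request in the window, so `last_from` names one sample sender rather than the source of the whole burst.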