Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 16436 Source: LiveCommunicationsServer

Level
Description
There were <value> unauthorized messages in the last <value> minutes. The last one had the FROM header: sip:<email address>.
Comments
 
From a newsgroup post: "When a user logs in, for the first time the request he sends to the server is not authenticated. The server sends a SIP challenge response to which the client provides the right credentials and establishes a secure connection with the server. There is currently no good way to distinguish between the first unauthenticated request sent by a regular good client and requests sent by unauthenticated rogue client trying to attack the server. This event log just says how many unauthenticated requests the server received in the last <value> minutes. In proper deployments these are benign event logs generated by regular clients. But in the case of some kind of attack, this event logs will give a hint of what is happening in the network".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...