Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The Security System detected an attempted downgrade attack for server <server name>. The failure code from authentication protocol Kerberos was "<error message> (<hex error code>)".
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is the LSA?
What is an authentication protocol?
What is Kerberos?
What is the role of LsaSrv?
For the full list of comments for this problem, see the link to Event ID 40960 from source LSASRV.
|Private comment: Subscribers only. See example of private comment|
|Links: Event ID 40960 from LSASRV|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated