Dear Team,
I need your support for creation of report which will provide me invalid login attempts from user IDs and after that, if a successful login occurs from the same user ID to any machine.
Thanks in advance.
I’m not sure Bigfix is the right tool for that. I think you’d need to look for a log management / SIEM tool for that. In my environment we’d use Splunk; I think the IBM offering “QRadar” is equivalent but not really sure.
Thanks for your response. I can understand that Big fix may not have option to provide correlation however,
Can we create these two as separate reports.
-
Creation of report which will provide invalid login attempts.
-
Successful login with in same time period.
I guess both type of info is available in event logs, you have to find a way to either copy this info any file with specific value or you can use any third party tool to capture such info & put into a file, from there you can call it & after that you will be able to see or able to print into webreport.
Basic way is how you will do it manually, once you got the way you can create the same process using BIGFIX.
4625 : An account failed to log on
4624 : An account was successfully logged
Data is required for 2 event IDs mentioned… Is it possible to create a script basis this.
I agree with @JasonWalker, Bigfix isn’t the right tool.
However, you seem determined to pursue this solution.
The documentation you need can be found at http://support.bigfix.com/inspectors/System%20Objects_Any.html#event%20log
Thanks, I will go through above documentation and come back with queries, if any,