https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495569#M97782 <HTML><HEAD></HEAD><BODY><P>There are signautres for SMB failed logins but those cover attaching to a network share. There are signatures for failed FTP logins. If there are or there are not similar for Windows domain (not local logins) logins I'd like to know as well. Also for the other O/S I mentioned Unix and MAC. Using IDS I can set the severity to high so I get an alert when it fires.</P></BODY></HTML> Wed, 17 Aug 2005 17:57:40 GMT 5creedus 2005-08-17T17:57:40Z https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495567#M97753 <P>Which signature(s) would I use to track failed login attempts to the following O/S?</P><P>Windows, Unix and MAC</P> Sun, 10 Mar 2019 09:35:21 GMT https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495567#M97753 5creedus 2019-03-10T09:35:21Z https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495568#M97769 <HTML><HEAD></HEAD><BODY><P></P><P>I'm not sure how you plan to 'sense' login attempts since all are encrypted. (NTLM, Kerberos...)</P><P>You should rather think of using event loggin on the windows platform itself.</P><P></P><P>Sasa</P></BODY></HTML> Wed, 17 Aug 2005 17:42:30 GMT https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495568#M97769 sasa.rasovic 2005-08-17T17:42:30Z https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495569#M97782 <HTML><HEAD></HEAD><BODY><P>There are signautres for SMB failed logins but those cover attaching to a network share. There are signatures for failed FTP logins. If there are or there are not similar for Windows domain (not local logins) logins I'd like to know as well. Also for the other O/S I mentioned Unix and MAC. Using IDS I can set the severity to high so I get an alert when it fires.</P></BODY></HTML> Wed, 17 Aug 2005 17:57:40 GMT https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495569#M97782 5creedus 2005-08-17T17:57:40Z https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495570#M97817 <HTML><HEAD></HEAD><BODY><P>But ftp logins are in clear text. The similiar stands for smb null logins...those signatures are mostly not user adjustible.</P><P></P><P>I suppose you should check with CSA for that.</P><P></P><P></P></BODY></HTML> Wed, 17 Aug 2005 18:21:03 GMT https://community.cisco.com/t5/network-security/windows-login-signatures/m-p/495570#M97817 sasa.rasovic 2005-08-17T18:21:03Z