Idea ID: 2827592

Event IDs need to be added to the Windows Connectors parser

Status: Delivered
8 months ago

Last month Microsoft released a patch for one of the company's most severe bugs ever reported. The bug, identified as CVE-2020-1472, was patched in August 2020 but was not made public at the time; this week, details have emerged regarding the severity of this 10/10 bug, which has been named Zerologon.

https://support.microsoft.com/en-gb/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

From the SOC monitoring perspective, we need to monitor the event IDs related to this.

The event IDs 5827, 5828, 5830, 5831 and 5829 are not supported by the MF parser. This has been confirmed by support.

Can you fix this ASAP?
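
An added example, not part of the original idea post or of the connector's parser: a Python sketch of the triage a SOC could run once the five event IDs listed above are parsed. The record fields (`provider`, `event_id`, `account`), the sample events and the review ordering are constructed assumptions; the event meanings follow the Microsoft article linked above.

```python
from collections import defaultdict

# Netlogon secure-channel events from the Microsoft article (System log, source NETLOGON).
NETLOGON_EVENTS = {
    5827: ("denied", "vulnerable connection denied (machine account)"),
    5828: ("denied", "vulnerable connection denied (trust account)"),
    5829: ("allowed", "vulnerable connection allowed"),
    5830: ("policy_exception", "allowed by group policy (machine account)"),
    5831: ("policy_exception", "allowed by group policy (trust account)"),
}
# Review order is an assumption of this example, not vendor guidance.
PRIORITY = {"allowed": 0, "denied": 1, "policy_exception": 2}

# Constructed sample records; field names are hypothetical, not a real connector schema.
SAMPLE_EVENTS = [
    {"provider": "NETLOGON", "event_id": 5829, "account": "LEGACY-APP01$"},
    {"provider": "NETLOGON", "event_id": 5829, "account": "LEGACY-APP01$"},
    {"provider": "NETLOGON", "event_id": 5827, "account": "OLD-NAS$"},
    {"provider": "NETLOGON", "event_id": "5828", "account": "TRUST-CHILD"},
    {"provider": "NETLOGON", "event_id": 5830, "account": "PRINTSRV$"},
    {"provider": "NETLOGON", "event_id": 5831, "account": "PARTNER.EXAMPLE"},
    {"provider": "Other-Provider", "event_id": 5829, "account": "X$"},   # wrong source
    {"provider": "NETLOGON", "event_id": 5805, "account": "WKS-17$"},    # not in scope
]

def triage(events):
    """Count in-scope Netlogon events per (category, event ID, account), sorted for review."""
    counts = defaultdict(int)
    for ev in events:
        # Event IDs are only unique per provider, so match the source as well.
        if str(ev.get("provider", "")).upper() != "NETLOGON":
            continue
        try:
            event_id = int(ev.get("event_id"))
        except (TypeError, ValueError):
            continue  # malformed record: skip rather than crash the pipeline
        if event_id not in NETLOGON_EVENTS:
            continue
        category = NETLOGON_EVENTS[event_id][0]
        counts[(category, event_id, ev.get("account", "<unknown>"))] += 1
    rows = [{"category": c, "event_id": e, "account": a, "count": n,
             "meaning": NETLOGON_EVENTS[e][1]} for (c, e, a), n in counts.items()]
    rows.sort(key=lambda r: (PRIORITY[r["category"]], -r["count"], r["account"]))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(f'{row["event_id"]} x{row["count"]} {row["account"]}: {row["meaning"]}')
```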
