Regex ID | Rule Name | Rule Type | Common Event | Classification |
1011091 | V 2.0 : EVID 4769-4770 : Kerberos TGS Messages | Base Rule | General Audit Message | Other Audit |
V 2.0 : EVID 4769 : TGS Ticket Issued | Sub Rule | Object Accessed | Access Success |
V 2.0 : EVID 4769 : TGS Request Denied Invalid Usr | Sub Rule | Access Object Failure | Access Failure |
V 2.0 : EVID 4769 : TGS Request Denied Invld Cert | Sub Rule | Access Object Failure | Access Failure |
V 2.0 : EVID 4769 : TGS Request Denied Credentls | Sub Rule | Access Object Failure | Access Failure |
V 2.0 : EVID 4769 : TGS Request Denied Pswrd Exp | Sub Rule | Access Object Failure | Access Failure |
V 2.0 : EVID 4769 : TGS Request Denied Bad Expird | Sub Rule | Access Object Failure | Access Failure |
V 2.0 : EVID 4770 : TGS Ticket Renewed | Sub Rule | Object Accessed | Access Success |
V 2.0 : Credentials For Server Have Been Revoked | Sub Rule | Access Revoked Activity | Access Revoked |
V 2.0 : TGT Has Been Revoked | Sub Rule | Access Revoked Activity | Access Revoked |
V 2.0 : General Kerberos Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
V 2.0 : Clock Skew Too Great | Sub Rule | Clock Skew Too Great | Warning |
V 2.0 : EVID 4769 : Serv Principal Valid Usr2Usr | Sub Rule | Domain Trust Information | Information |
V 2.0 : Field Is Too Long For This Implementation | Sub Rule | Field Is Too Long | Error |
V 2.0 : Generic Error | Sub Rule | Generic Error | Error |
V 2.0 : Inappropriate Type Of Checksum In Message | Sub Rule | Inappropriate Type Of Checksum | Error |
V 2.0 : Incorrect Message Direction | Sub Rule | Incorrect Message Direction | Error |
V 2.0 : Incorrect Sequence Number In Message | Sub Rule | Incorrect Sequence Number | Error |
V 2.0 : Integrity Check On Decrypted Field Failed | Sub Rule | Integrity Check On Decrypted Field Failed | Warning |
V 2.0 : Invalid Message Type | Sub Rule | Invalid Message Type | Error |
V 2.0 : Message Out Of Order | Sub Rule | Message Out Of Order | Error |
V 2.0 : Message Stream Modified | Sub Rule | Message Stream Modified | Information |
V 2.0 : Ticket Not Eligible For Postdating | Sub Rule | Modify Object Attribute Failure | Access Failure |
V 2.0 : Client Database Entry Has Expired | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : KDC Has No Support For Padata Type | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Specified Version Of Key Is Not Available | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Client Not Yet Valid | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Server Not Found In Kerberos Database | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Additional Pre-authentication Required | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Requested Start Time Is Later Than End Tim | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Ticket And Authenticator Do Not Match | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Protocol Version Mismatch | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : The Ticket Is Not For Us | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Pre-auth Information Was Invalid | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Service Key Not Available | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Server Not Yet Valid | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Multiple Principal Entries In Database | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Ticket Not Yet Valid | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Alternative Authentication Method Required | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Incorrect Net Address | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Client Key Encrypted In Old Master Key | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Server Database Entry Has Expired | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Server Key Encrypted In Old Master Key | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Client Or Server Has Null Key | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Ticket Expired | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Request Is A Replay | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : KDC Has No Support For Transited Type | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : KDC Has No Support For Checksum Type | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : KDC Cannot Accomodate Request Option | Sub Rule | User Logon Failure | Authentication Failure |