Resolution
goal
How do I build a VigilEnt Security Agent for Windows Detect rule to alert on certain user accounts logging into Windows NT or 2000 servers?
fact
VigilEnt Security Agent for Windows 2.X
fact
VigilEnt Security Agent for Windows 3.X
fact
VigilEnt Security Agent for Windows 4.0
fix
In the VigilEnt Security Agent for Detect GUI, follow these steps:
- Click Rule | New.
- Select Event Log Rule and click Next.
- Right-click the AND statement and create the rule as shown below:
    AND
    + LogName == Security
    + messageID == 528
    AND
    OR
    + accountName ~= [username]
    + accountName ~= [username]
- Click Next to set the Actions for the rule.
- Click Next again and name the rule.
- Click Finish.
- Save the detect.xml file by clicking Config File | Save or by clicking the Save button.
Additional Information
Formerly known as NETIQKB31699