Failed Logons
A large number of failed logon attempts occurring within a certain period of time could be an indication of a security threat. The Failed Logons sub-panel provides critical information identifying all logon failures and provides important information to:
• Identify users and nodes where very large number of failures occurred.
• Show trend lines over time to help investigate security incidents and determine if a pattern of attack is identified.
• Displays clear reasons for logon failures.
Visuals
- Failed User Logons – Bar chart of failed logon users for specified time frame. Click on a user to view where failure occurred, reasons for failure and target hosts. Right-click on a user and drill down to ‘Details’ to view a detailed report that can be downloaded or emailed
- Failed Logons Trend – Graph indicating trend of failed logon activity for specified time frame. Click on a peak to view what caused the peak.
- Failed Logon Nodes – Number of logon failures from a source IP address. This is where logon failures are occurring.
- Logon Operations – Displays the types of logon events that caused failures.
- Logons Failure Reasons – Displays the reasons for logon failures.