This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Windows Off Hours Logins Report

OrnaldoNaqellar
Beginner
Beginner

‎2019-01-11 02:17 AM

Hello,

I have created a build rule:

reference.id ='4624' && ec.activity="Logon" && device.type='winevent_nic' && logon.type !='3' && logon.type !='5'

Based on that rule i have created reports and schedule it to run daily at 23:45 so i can have activity from: 18:00 (

past day)  - 07:45 ( That day).
But i have noticed that i do not get the result correct. I now users that have been logged at 19:00
but there are not showing at report.

Please any advice ?
Labels:
0 Likes
2 REPLIES 2

Anonymous
Not applicable

‎2019-01-13 10:51 PM

hello, question here. is your event detected? and date timestamp is parsed?

0 Likes

OrnaldoNaqellar
Beginner
Beginner
In response to Anonymous

‎2019-01-14 02:50 AM

Hello. yes we are receiving logs from our AD with windows events. Even with the time stamp

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.