Account Lockout Detection
Summary
This monitor detects account lockouts.
Details
Windows Machines
| Check Action | Server Address | Check Type | Check Value | Comparator | Interval | Result |
|---|---|---|---|---|---|---|
| System | 127.0.0.1 | Run File | See Below | Missing | 15 |
Check Value:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command "Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{LogName='Security'; Id=4740} | Where-Object {$_.TimeCreated -gt (Get-Date).AddMinutes(-15)} | Select-Object -ExpandProperty TimeCreated"
Dependencies
Target
Windows OS