EV - NetLogon Vulnerability Event Detected
Summary
This document outlines how to check the eventlog database table for event IDs (5827, 5828, 5829) related to the Netlogon vulnerability identified in CVE-2020-1472.
For more information, please refer to the following link: How to Manage the Changes in Netlogon Secure Channel Connections Associated with CVE-2020-1472.
Target
- Servers - Domain Controllers