Surya92
Apr 09, 2021 Copper Contributor
Difference between computer and workstation in Sentinel
Can someone help me with the query? We have started working on Sentinel as our primary SIEM tool. We get a few login failure alerts. When investigating the event details of the alert, I see that there i...
CliveWatson
Apr 12, 2021 Former Employee
Is this the alert "Excessive Windows logon failures" which uses the SecurityEvent data?
https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/securityevent
I'm pretty sure WorkstationName is the Network remote logon request origin https://social.msdn.microsoft.com/Forums/en-US/ec183e80-2388-4582-87d0-47b34bc707ad/how-to-write-windows-security-event-log-using-authzreportsecurityevent-like-system-audit-log