Investigate > Activity Log > Queries > Failed Log in

%3CLINGO-SUB%20id%3D%22lingo-sub-1823912%22%20slang%3D%22en-US%22%3EInvestigate%20%26gt%3B%20Activity%20Log%20%26gt%3B%20Queries%20%26gt%3B%20Failed%20Log%20in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1823912%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20run%20this%20query%20every%20Monday%20and%20usually%20see%20activity%20up%20to%20the%20current%20date%2C%20however%20yesterday%20when%20we%20ran%20we%20only%20saw%20up%20to%20the%2024th(10%2F24).%26nbsp%3B%20We%20know%20that%20we%20have%20a%20service%20account%20that%20runs%20over%20the%20weekend%20that%20usually%20creates%20events%20but%20they%20were%20not%20found.%26nbsp%3B%20Were%20their%20any%20updates%20that%20would%20cause%20this%20issue%3F%26nbsp%3B%20We%20have%20checked%20the%20sensors%20and%20they%20seem%20to%20be%20reporting%2C%20is%20there%20a%20way%20to%20confirm%20all%20activity%20is%20being%20recorded%20by%20the%20sensors%20in%20AD%3F%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESerge%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1823912%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EFailed%20Log%20in%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EThreat%20Protection%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

We run this query every Monday and usually see activity up to the current date, however yesterday when we ran we only saw up to the 24th(10/24).  We know that we have a service account that runs over the weekend that usually creates events but they were not found.  Were their any updates that would cause this issue?  We have checked the sensors and they seem to be reporting, is there a way to confirm all activity is being recorded by the sensors in AD?

Thanks,

 

Serge

0 Replies