cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Duplicate Events in IdentityLogonEvents table

BrianAndersen
Copper Contributor

‎Feb 23 2024 02:00 AM

‎Feb 23 2024 02:00 AM

Duplicate Events in IdentityLogonEvents table

We have been experiencing "duplicate" events in the IdentityLogonEvents Table since 2024-02-14.

 

The only difference i can see in the events are that the Application field in one event is "Active Directory" and in the other event it's "Microsoft Active Directory".

BrianAndersen_1-1708681429239.png

 

Also the ReportId fiels is different between the two, in the sense that the event with "Microsoft Active Directory" appends a string to the ReportId.

BrianAndersen_0-1708681391761.png

 

Is there a way to avoid this duplication of the events?

Or what is the reason for this?

 

Running Azure Advanced Threat Protection Sensor version 2.230.17681.9355.

311 Views
1 Like
1 Reply
Reply
1 Reply
BrianAndersen

‎Feb 26 2024 04:18 AM

‎Feb 26 2024 04:18 AM

Re: Duplicate Events in IdentityLogonEvents table

The logs with Application name "Microsoft Active Directory" has disappeared from our IdentityLogonEvents table.

 

So we have no duplicate logs anymore.

0 Likes
Reply