Hi All,
I'm using Zabbix v6.4/Agent 6.4 to monitor my homelab of Windows/Linux servers, Switches and Firewall. Yesterday, I upped my security by enabling Windows auditing to discover constant triggering of the following events:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 11/13/2023 8:57:58 PM
Event ID: 5152
Task Category: Filtering Platform Packet Drop
Level: Information
Keywords: Audit Failure
User: N/A
Computer: <SERVERNAME>
Description:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 0
Application Name: -
Network Information:
Direction: Inbound
Source Address: <ZABBIX IP>
Source Port: 40012
Destination Address: <SERVER IP>
Destination Port: 10050
Protocol: 6
Filter Information:
Filter Run-Time ID: 72092
Layer Name: Transport
Layer Run-Time ID: 13
Have any of you noticed these same events? I've also noticed high CPU usage when applying the PCI DSS template, which monitors specific Windows event logs.