You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Check Releases to make sure your agent is on the latest version.
Details
I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.
What happened?
Hello, we are using exchange 2019 cu14 but
It does not prevent crowdsec exchange smtp receive attacks, especially after cu14 has passed.
Has there been a change regarding this? We have installed crowdsec v1.6.1 now, but the situation is the same.
Error logs are as follows and account accounts are locked due to these attacks.
event id: 1035
Inbound authentication failed with error LogonDenied for Receive connector Client Frontend.
Can I ask for your support and information?
What did you expect to happen?
It previously blocked these attacks completely. Can it be fixed again?
How can we reproduce it (as minimally and precisely as possible)?
I wonder if Exchange updates the Windows version, or is there a problem with them?
Anything else we need to know?
No response
Crowdsec version
v1.6.1
OS version
windows server 2019
Enabled collections and parsers
Acquisition config
On Windows:
C:> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
PS C:\Windows\system32> get-content c:\programdata\crowdsec\config\acquis.yaml
##RDP
source: wineventlog
event_channel: Security
event_ids:
event_level: information
labels:
type: eventlog
##Firewall
filenames:
labels:
type: windows-firewall
##SQL Server
source: wineventlog
event_channel: Application
event_ids:
event_level: information
labels:
type: eventlog
##IIS
use_time_machine: true
filenames:
labels:
type: iis
PS C:\Windows\system32>
Config show
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.
The text was updated successfully, but these errors were encountered: