Nagios Support Forum

Hello,

I would like to know if there is a way to perform a search in Log Server that dictates if one specific event is found then look for another event to occur immediately after? Sort of an if this/than that search.

We're trying to find a way to search for a potential security vulnerability described in this article: https://thehackernews.com/2020/09/detec ... tical.html

It says to look for Windows event ID 4742 followed by or combined with event ID 4672 (the would involve the same SubjectUserName or Account Name.

Thank you.

I also found this article: https://www.lares.com/blog/from-lares-l ... 2020-1472/

I'm having trouble searching for multiple event IDs at the same time and I'm not sure what I'm doing wrong. When I search them separately I get results, but when I search both I only get one or the other.

There is no way to specifically have a single search trigger another

rferebee wrote:I'm having trouble searching for multiple event IDs at the same time and I'm not sure what I'm doing wrong. When I search them separately I get results, but when I search both I only get one or the other.

This should be able to be accomplished with something like

Ok, I'll try that. Thank you.

rferebee wrote:Ok, I'll try that. Thank you.

No problem

This thread can be locked. Thank you.

rferebee wrote:This thread can be locked. Thank you.

Great!

Locking thread