Was wondering if anyone else has come across this
.
{"timestamp":"2019-03-06T20:05:15.116+0000","rule":{"level":10,"description":"Windows: Multiple failed attempts to perform a privileged operation by the same user.","id":"18151","frequency":6,"firedtimes":550,"mail":true,"groups":["windows"],"pci_dss":["10.2.4","10.2.5","11.4"],"gdpr":["IV_35.7.d","IV_32.2"]},"agent":{"id":"005","name":"SN-WKS-08","ip":"192.168.150.211"},
"manager":{"name":"SN-LAB-SEC01"},"id":"1551902715.1103192234","previous_output":"2019 Mar 06 13:04:55 WinEvtLog: Security: AUDIT_FAILURE(4673):
Microsoft-Windows-Security-Auditing: (no user): no domain: SN-WKS-08.ad.XXXX.ca: A privileged service was called. Subject:
Security ID: S-1-5-21-2358658803-1195769352-62849749-1226 Account Name: XXXX Account Domain: AD Logon ID: 0x281183 Service: Server: Security
Service Name: - Process:
Process ID: 0x2a6c
Process Name: C:\Users\XXXX\AppData\Local\Programs\Opera\58.0.3135.79\opera.exe
Service Request Information:
Privileges: SeTcbPrivilege\n2019 Mar 06 13:04:55