Environment
- Carbon Black Cloud Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Symptoms
The "Enable auth event collection" setting is enabled but the auth_failed_logon_count search field is always 0
Cause
Resolution
Additional Notes
Engineering is looking into calculating this independently in the future as well so it's not dependent on the Windows setting being enabled
Related Content