4 Replies Latest reply on Dec 13, 2016 9:23 AM by andy777

    Signature ID explaination

    kevinsweeting

      Good Afternoon,

       

      I've just started working with SIEM (9.6.0 MR 3 Combo box) and would like to know what each part in a signature ID represents.

       

      I've seen this information somewhere, but am unable to find it now.

       

      For example the signature id "43-263047400" (Account lockout).

       

      I have figured out already that the 43-263047400 represents the event id in windows. What meaning do the other parts of the id represent?

       

      Is someone able to explain or point me to some documentation on this please?

       

      Kindly advise.

       

      Regards,

      K