I received quite a few "Encryption downgrade activity" ATA alerts.
I noticed that the encryption method of the Encrypted_Timestamp field of AS_REQ message from the Hadoop machine account had been downgraded based on previously learned behavior and also that the encryption method of the TGT field of TGS_REQ message from the
FIM server had been downgraded based on previously learned behavior. This keeps happening over and over again for some reasons.
Do you know, by any chance, what might cause the encryption downgrade activity on the Hadoop machine account as well as the FIM server?