Reduce event noise in the Security log RRS feed

  • Question

  • Is there a way to to reduce the amount of security log / Credential Validation success events?

    Our monitoring system is alerting 10 to 20 times every few minutes

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          3/21/2019 7:21:33 AM
    Event ID:      4776
    Task Category: Credential Validation
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      DC1
    The computer attempted to validate the credentials for an account.

    Logon Account: User1
    Source Workstation: Monitor1
    Error Code: 0x0
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <TimeCreated SystemTime="2019-03-21T13:21:33.329184600Z" />
        <Correlation />
        <Execution ProcessID="528" ThreadID="5672" />
        <Security />
        <Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>
        <Data Name="TargetUserName">User1</Data>
        <Data Name="Workstation">Monitor1</Data>
        <Data Name="Status">0x0</Data>

    I found the following from Solar winds but its not working

    auditpol /set /user:User1 /exclude /subcategory:"Credential Validation"

    Is there away to exclude events by user or by workstation?


    Thursday, March 21, 2019 1:49 PM