Knowledge Base

EventLog Analyzer is a comprehensive and cost-effective log management tool for SIEM

Logon Logoff events

Event ID 4625: Failed logon

Symptoms

Event ID 4625 is logged when an account fails to log on. The event data records the reason for the failed logon, such as a bad username or password.

Remediation

While failed logons occur routinely in your network, a sudden spike in failed logons would indicate a potential threat, as it could be a brute-force attack attempt. To ensure network security, administrators must keep tabs on failed logon activity and know the reason for each logon failure.

Pro-tip

EventLog Analyzer can send out a real-time notification when multiple failed logons occur in a critical system. The real-time correlation engine of EventLog Analyzer helps you correlate multiple failed logons followed by a successful one, so that you can instantly detect and mitigate password attacks.
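
The correlation described above (a spike of failed logons, then a successful one) can be sketched over a handful of events. This is an added example, not EventLog Analyzer's engine or code from the vendor; the threshold, window, field layout and sample events are assumptions, and event ID 4624 (successful logon) is not mentioned on this page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624       # 4624 (successful logon) is not named on the page
THRESHOLD = 5                      # assumed: failures per account that count as a spike
WINDOW = timedelta(minutes=5)      # assumed: sliding window for counting failures

# Constructed sample events: (ISO timestamp, event ID, account, source address)
SAMPLE_EVENTS = [
    # A user mistyping a password twice, then logging on: routine, no alert.
    ("2017-03-01T09:00:00", FAILED, "alice", "10.0.0.21"),
    ("2017-03-01T09:00:20", FAILED, "alice", "10.0.0.21"),
    ("2017-03-01T09:00:40", SUCCESS, "alice", "10.0.0.21"),
    # Five failures spread over half an hour: never five inside one window.
    *[(f"2017-03-01T10:{m:02d}:00", FAILED, "bob", "10.0.0.22") for m in (0, 7, 14, 21, 28)],
    # Six failures in 25 seconds, then a success: a spike followed by a logon.
    *[(f"2017-03-01T09:10:{s:02d}", FAILED, "admin", "10.0.0.99") for s in range(0, 30, 5)],
    ("2017-03-01T09:10:30", SUCCESS, "admin", "10.0.0.99"),
]

def correlate(events, threshold=THRESHOLD, window=WINDOW):
    """Return (rule, account, source, timestamp) alerts in time order."""
    recent = defaultdict(deque)    # account -> timestamps of failures inside the window
    flagged = set()                # accounts with an active failure spike
    alerts = []
    for ts_text, event_id, account, source in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        failures = recent[account]
        while failures and ts - failures[0] > window:
            failures.popleft()     # drop failures older than the window
        if not failures:
            flagged.discard(account)   # the spike has fully aged out
        if event_id == FAILED:
            failures.append(ts)
            if len(failures) >= threshold and account not in flagged:
                flagged.add(account)   # alert once per spike, not once per failure
                alerts.append(("failed_logon_spike", account, source, ts_text))
        elif event_id == SUCCESS:
            if account in flagged:
                alerts.append(("success_after_spike", account, source, ts_text))
            flagged.discard(account)
            failures.clear()       # a success resets the count for this account
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Counting here is keyed on the account name; the same logic keyed on the source address flags one host failing against many accounts.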

© 2017 Zoho Corporation Pvt. Ltd All rights reserved.