Managed Sentinel – Alert 125

Alert ID: MS-A125
Alert Name: Windows security audit log is full
Description: This alert is triggered when the security audit log is full and no further events can be logged on the affected Windows server.
Severity Level: Informational
Threat Indicator: System monitoring impact
MITRE ATT&CK Tactics: Defense Evasion
Log sources: Windows Security Event Log
False Positives:
Recommendations:
1. Identify the system(s) that have been affected
2. Review the Windows audit log to check whether a large volume of a specific event type is being collected, which can be an indicator of an operational malfunction
3. Manually clear the audit log on the Windows system
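The three recommendations above as one host-side triage script. This is an added example, not part of the Managed Sentinel alert content; it assumes it is run elevated on the affected server, that Security log Event ID 1104 ("The security log is now full") is the event behind this alert, and that the backup path is a placeholder to adjust.

```powershell
# Added triage example for alert MS-A125 (not Managed Sentinel's own content).
# Assumptions: run as Administrator on the affected server; Event ID 1104 is the
# "security log is now full" event behind the alert; $BackupPath is a placeholder.
param([string]$BackupPath = "C:\Logs\Security-$(Get-Date -Format yyyyMMdd-HHmmss).evtx")

# Step 1: confirm the Security log is actually full and how it is configured.
# LogMode 'Retain' (do not overwrite) is the usual reason a log stops accepting events;
# 'Circular' overwrites the oldest records instead.
$cfg = Get-WinEvent -ListLog Security
[pscustomobject]@{
    MaximumSizeMB = [math]::Round($cfg.MaximumSizeInBytes / 1MB)
    LogMode       = $cfg.LogMode
    RecordCount   = $cfg.RecordCount
    IsLogFull     = $cfg.IsLogFull
} | Format-List

# When was the "log full" event (1104) last written, and by which host?
Get-WinEvent -FilterHashtable @{LogName = 'Security'; Id = 1104} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, MachineName

# Step 2: which event IDs dominate the last 24 hours? One ID at very high volume
# usually points at a noisy audit subcategory or an operational fault.
$recent = Get-WinEvent -FilterHashtable @{LogName = 'Security'; StartTime = (Get-Date).AddHours(-24)} `
    -ErrorAction SilentlyContinue
$recent | Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 -Property Name, Count

# Step 3: back up the log to an .evtx file, then clear it. The backup preserves the
# records for later review; clearing the log itself writes Event ID 1102.
wevtutil cl Security /bu:"$BackupPath"
Get-WinEvent -ListLog Security | Select-Object LogName, RecordCount, IsLogFull
```

If the log is configured with LogMode 'Retain', clearing it only buys time; raising MaximumSizeInBytes or switching to a circular or auto-backup mode addresses the cause.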