Managed Sentinel – Alert 125
Alert ID | MS-A125 |
Alert Name | Windows security audit log is full |
Description | This alert is triggered when the Windows Security audit log is full and no further security events can be recorded on the affected Windows server. |
Severity Level | Informational |
Threat Indicator | System monitoring impact |
MITRE ATT&CK Tactics | Defense Evasion |
Log sources | Windows Security Event Log |
False Positives | |
Recommendations | 1. Identify the system(s) that have been affected. 2. Review the Windows Security event log to determine whether a large volume of a single event type is being collected, which can indicate an operational malfunction or an over-broad audit policy. 3. Archive (back up) the Security log on the affected Windows system before clearing it, so the audit trail is preserved, and review the log's maximum size and retention setting so that the condition does not recur. |
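The three recommendation steps, carried out in PowerShell on the affected server, as an added example that is not part of the Managed Sentinel alert content. It assumes administrative rights on the host, that `$ArchiveDir` (an assumed path) is an acceptable location to retain the exported log, and that the standard Windows indicator for this condition is Security event 1104 ("The security log is now full"), which is a Windows fact and not something stated on this page.

```powershell
# Added example, not part of the Managed Sentinel alert definition.
# Assumes: run elevated on the affected Windows server; $ArchiveDir is an assumed
# archive location with enough space for the exported .evtx file.
$ArchiveDir = 'C:\SecurityLogArchive'   # assumed path

# Step 1: confirm the state of the Security log on this host. A log can only fill
# when its retention is not "overwrite as needed" (LogMode other than Circular),
# so the mode and size explain why the condition occurred.
$log = Get-WinEvent -ListLog Security
$log | Select-Object LogName, LogMode, MaximumSizeInBytes, FileSize, RecordCount, IsLogFull

# Caveat: if "Audit: Shut down system immediately if unable to log security audits"
# is enabled (CrashOnAuditFail = 1), a full Security log will halt the server, so
# this setting matters for how urgently the log must be cleared.
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name CrashOnAuditFail -ErrorAction SilentlyContinue |
    Select-Object CrashOnAuditFail

# Confirm the trigger itself: event 1104 is logged when the Security log becomes full.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1104 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Step 2: find which event IDs dominate the log. A flood of one ID (for example a
# single noisy audit subcategory) points to an operational malfunction or a
# misconfigured audit policy rather than to normal activity.
Get-WinEvent -LogName Security -MaxEvents 50000 |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Step 3: archive the log before clearing it so the audit trail survives.
# wevtutil cl with /bu: writes a backup .evtx and then clears the log; clearing the
# Security log itself records event 1102 ("The audit log was cleared").
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
$backup = Join-Path $ArchiveDir ("Security-{0}-{1}.evtx" -f $env:COMPUTERNAME, (Get-Date -Format 'yyyyMMdd-HHmmss'))
wevtutil cl Security /bu:$backup

# Prevent recurrence: raise the maximum size (bytes) and/or set retention to
# overwrite as needed (/rt:false). Values here are illustrative, not from the page.
# wevtutil sl Security /ms:1073741824 /rt:false
```

Run the first two steps before clearing anything: if the per-ID summary shows one event type dominating, the fix is the audit policy or the misbehaving component, and clearing the log only buys time until the alert fires again. The backup written by `wevtutil cl /bu:` can be opened later with `Get-WinEvent -Path` if the cleared events are needed for an investigation.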