Kerberoasting Excessive SPN Requests seen when domain user login to system manager
Applies to
ONTAP 9.9.1P9+
Issue
- When domain user login to system manager using domain tunnel, event ID 4769 reported for that user multiple times in DC.
- Event ID 4769 is a security log event that records when a user requests a service ticket from a Domain Controller.
- As multiple events(more than 20 events in 5 minutes) reported from same user at a time, Kerberoasting detection happens in DC.