You have new problems when you watch NTLM authentication on your network. Better event data helps you see who uses resources. It also shows where logon failures happen. When you look at Windows Event 8004, sensors now show server names and destination computers for failed tries. These changes help you find strange actions. They also lower false alarms a…