A host specifically requested
a Kerberos ticket-granting service (TGS) ticket to be encrypted
with weak and deprecated encryption. This provides easy-to-crack
hashes, and is typically a sign of a Kerberoasting attack.
Crack account credentials
by obtaining an easy-to-crack Kerberos ticket.
Check who used the
host at the time of the alert, to rule out a benign service or tool
requesting weak Kerberos encryption.