Forum Discussion
Blue_Trooper18
May 24, 2019
Copper Contributor
ATP: workstation has a Domain Controller IP
Hello everyone! Today I received a High severity alert for a Suspected DCSync attack. The origin of this attack was a workstation that ATP tells us has its right private IP and a secondary I...
Joe Stern
May 24, 2019
Iron Contributor
We also had a false report of a suspected DCSync attack last week. At the bottom of the alert in the portal, it said "<computername> resolved from 192.168.3.7 with low certainty."
That IP address was actually one of our Domain Controllers.