Forum Discussion

viper1848's avatar
viper1848
Copper Contributor
Apr 17, 2019
Solved

Need to confirm if the Azure sensor domain account should be logging into computers

I need to confirm if the Azure sensor domain account should be logging into computers through the DC's. Below is an example of one of the event id's were are seeing on the user workstations.   Log ...
  • EliOfek's avatar
    EliOfek
    Apr 17, 2019

    viper1848 , Yes, it can happen in a few cases, one of them is building the lateral movement path, for which we login to the workstation to query the local admin member group.

     

EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Apr 17, 2019

viper1848 , Yes, it can happen in a few cases, one of them is building the lateral movement path, for which we login to the workstation to query the local admin member group.

 

viper1848's avatar
viper1848
Copper Contributor
Apr 18, 2019

EliOfek 

That is a relief instead of me thinking our domain account has been compromised.

Resources