Forum Discussion

Zer0
Copper Contributor
Oct 17, 2023

An actor on NULL - ATP

I'm getting a lot of the messages below and I'm not sure what to do with them. Tracing via my SIEM, the process involved is lsass.exe. My suspicion is that it is Rapid7 performing vulnerability scans, but I just wanted to check if anyone else had similar issues?

An actor on NULL performed suspicious account enumeration, exposing Guest, while trying to access <computer>

Clicking on null, as expected, produces an error.

1 Reply

  • TheGift73
    Iron Contributor
    Also seeing quite a few of these. Annoyingly, we are unable to view the KQL behind the alert for this, so we are unable to determine the source for this.

    Anyone at MS know how to get more detailed information for these alerts?
