Forum Discussion
An actor on NULL - ATP
I’m getting a lot of these messages below, I’m not sure what to do with them, tracing via my siem the process involved is lsass.exe, my suspicion is that it is Rapid7 performing vulnerability scans b...
Also seeing quite a few of these. Annoyingly we are unable to view the KQL behind the alert for this so unable to determine the source for this.
Anyone at MS know how to get more detailed information for these alerts?
Anyone at MS know how to get more detailed information for these alerts?