Difference between computer and workstation in sentinel

%3CLINGO-SUB%20id%3D%22lingo-sub-2264326%22%20slang%3D%22en-US%22%3EDifference%20between%20computer%20and%20workstation%20in%20sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2264326%22%20slang%3D%22en-US%22%3ECan%20someone%20help%20me%20with%20the%20query.%20We%20have%20started%20working%20on%20sentinel%20as%20our%20primary%20SIEM%20tool.%20We%20get%20few%20login%20failure%20alerts.%20When%20investigating%20the%20event%20details%20of%20the%20alert%2C%20i%20see%20that%20there%20is%20computer%20and%20workstationname%20column.%20Can%20someone%20help%20me%20understand%20the%20difference%20between%20them.%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2264326%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECommunity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Regular Visitor
Can someone help me with the query. We have started working on sentinel as our primary SIEM tool. We get few login failure alerts. When investigating the event details of the alert, i see that there is computer and workstationname column. Can someone help me understand the difference between them.
1 Reply
Is this the alert "Excessive Windows logon failures" which uses the SecurityEvent data?

https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/securityevent

I'm pretty sure WorkstationName is the Network remote logon request origin https://social.msdn.microsoft.com/Forums/en-US/ec183e80-2388-4582-87d0-47b34bc707ad/how-to-write-win...