Microsoft Tech Community

Difference between computer and workstation in sentinel

Can someone help me with the query? We have started working on Sentinel as our primary SIEM tool. We get a few login failure alerts. When investigating the event details of the alert, I see that there are Computer and WorkstationName columns. Can someone help me understand the difference between them?
1 Reply
Is this the alert "Excessive Windows logon failures" which uses the SecurityEvent data?

https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/securityevent

I'm pretty sure WorkstationName is the network remote logon request origin: https://social.msdn.microsoft.com/Forums/en-US/ec183e80-2388-4582-87d0-47b34bc707ad/how-to-write-win...
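
To see the two columns side by side during triage, the following query is an added example, not part of the original thread. It groups failed logons (EventID 4625) in the SecurityEvent table by the host that recorded the event (Computer) and the origin name carried in the event (WorkstationName). The 1-day window, the output column names, and the FQDN trimming of Computer are assumptions made for illustration.

```kusto
// Added example: compare the reporting host with the claimed logon origin.
// Computer        = machine whose Security log recorded the failure.
// WorkstationName = origin name carried in the logon request; it is supplied
//                   by the client side, so it can be empty or "-" and should
//                   be read together with IpAddress rather than trusted alone.
SecurityEvent
| where TimeGenerated > ago(1d)                 // assumed lookback window
| where EventID == 4625                         // failed logon
| extend ReportingHost = tostring(split(Computer, ".")[0])   // Computer is often an FQDN
| extend Origin = case(
    isempty(WorkstationName) or WorkstationName == "-", "not supplied",
    WorkstationName =~ ReportingHost,                   "same host",
                                                        "different host")
| summarize
    Failures   = count(),
    Accounts   = dcount(TargetAccount),
    SourceIPs  = make_set(IpAddress, 10),
    LogonTypes = make_set(LogonType)
  by Computer, WorkstationName, Origin
| order by Failures desc
```

Rows marked "different host" are the ones where the two columns actually diverge, which is the case the reply describes.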