Sep 10 2021 02:42 PM
We received a LOW ASC Alert regarding an attack to 116 IP addresses.
"Network traffic analysis detected anomalous incoming Remote Desktop Protocol (RDP) communication to 13.65.113.217, associated with your resource 4255c1da87924ebda2e54616ea906f74, from multiple sources."
Neither these incoming IP addresses nor the Resource are part of our Azure environment. I searched and found the IP is part of MS, but I am not sure about the Compromised Host "4255c1da87924ebda2e54616ea906f74".
This has been reported as a Brute Force and our CISO wants some type of comment regarding the resolution. I see it as false positive activity from Microsoft but need to make sure. Has anyone run into this type of Alert before?
Cheers,
Serge
Sep 13 2021 04:35 PM
Sep 14 2021 07:51 AM