An actor on NULL - ATP

I’m getting a lot of the messages below, and I’m not sure what to do with them. Tracing via my SIEM, the process involved is lsass.exe. My suspicion is that it is Rapid7 performing vulnerability scans, but I just wanted to check whether anyone else has had similar issues?

 


An actor on NULL performed suspicious account enumeration, exposing Guest, while trying to access <computer>

Clicking on null, as expected, produces an error.

1 Reply
Also seeing quite a few of these. Annoyingly, we are unable to view the KQL behind the alert, so we are unable to determine the source for this.

Anyone at MS know how to get more detailed information for these alerts?