I’m getting a lot of these messages below, I’m not sure what to do with them, tracing via my siem the process involved is lsass.exe, my suspicion is that it is Rapid7 performing vulnerability scans but just wanted to check if anyone else had similar issues?
An actor on NULL performed suspicious account enumeration, exposing Guest, while trying to access <computer>