User Profile
AlexCherFS
Copper Contributor
Joined 3 years ago
User Widgets
Recent Discussions
Re: Suspected brute-force attack (Kerberos, NTLM) azure ATP
Curious if you were able to make progress with this? Seeing similar alerts from an Exchange server with suspected brute-force to many accounts. Wondering if it's a false positive since Exchange server would generate failed login alert whenever anyone would fail to login from remote devices too. Thoughts?13KViews0likes0CommentsRe: exclude users from Suspected brute-force attack (Kerberos, NTLM)
Hi Jeroen, The only option to exclude Users that I was able to find is by excluding them globally under Excluded Entities / Global Excluded Entities / Users in the MDI portal (which would of course prevent other alerts from being triggered for them). Otherwise, the per alert exclusion allows only Devices and IP Addresses, like you mentioned. Can you pull a list of these users' machines and exclude them under devices perhaps?1.6KViews0likes0CommentsNot able to load Devices to Tag as Sensitive in MDI
Hi all, I'm able to enumerate the groups and users but not the devices when attempting to add a tag as a sensitive device or Exchange server. I tried several times, refreshed, in different browsers, etc but keep getting "Failed to load data. Please try again later". I have sensors added to all DCs. Any ideas are appreciated (see screenshot):1.3KViews0likes1Comment
Groups
Recent Blog Articles
No content to show