I am not sure if you understood my question well. This IP address is being used to log in to the Exchange server we use. This is one of many. I suspect this is an attack because the IP is fraudulent according to the web services I used to check it. And not all the domain users are used...
Hello dear friends.
I wanted to ask you about some logs from my Exchange server which I catch with QRadar. They are all with qid: 5000830 or eventid:4624, which is a successful login to a server or anything.
I use a rule which tells me if someone logs in to the exchange server from an...