login events
About this tag
Login events on Windows systems, particularly event ID 4624 for successful logins, are critical for security monitoring. In a recent discussion, a user reported suspicious login events on an Exchange server from external IPs attributed to Microsoft Corporation datacenters, raising concerns about potential fraud. The thread explores how to distinguish legitimate Microsoft services from malicious activity using tools like QRadar and IP reputation checks. This tag covers troubleshooting login event anomalies, interpreting security logs, and identifying false positives in enterprise environments.
Hello dear friends.
I wanted to ask you about some logs from my Exchange server which I catch with QRadar. They are all with qid: 5000830 or eventid: 4624, which is a successful login to a server or anything.
I use a rule which tells me if someone logs in to the exchange server from an...
cybersecurity
data security
event id
exchange server
external access
false positives
firewall
fraudulent ip
ip logs
ip quality score
isp tracking
loginevents
microsoft
network security
password management
qradar
security audits
security rules
user management