security rules
About this tag
Discussions tagged with security rules on WindowsForum.com focus on configuring and troubleshooting detection rules for suspicious logins and network activity. A recurring theme involves analyzing Windows Event ID 4624 (successful logon) and using tools like QRadar to flag external IPs attempting to access Exchange servers. Users debate whether connections from Microsoft datacenter IPs are legitimate or fraudulent, often cross-referencing fraud scores from services like IPQualityScore. The tag covers practical scenarios for setting up geo-based login rules, interpreting event logs, and distinguishing false positives from genuine threats in enterprise environments.
Hello dear friends.
I wanted to ask you about some logs from my Exchange server which I catch with QRadar. They are all with qid: 5000830 or eventid:4624, which is a successful login to a server or anything.
I use a rule which tells me if someone logs in to the exchange server from an...
cybersecurity
data security
event id
exchange server
external access
false positives
firewall
fraudulent ip
ip logs
ip quality score
isp tracking
login events
microsoft
network security
password management
qradar
security audits
securityrules
user management