https://live.paloaltonetworks.com/t5/advanced-threat-prevention/smb-user-password-brute-force/m-p/383162#M1046 <P>Hello,</P><P>&nbsp;</P><P>Checking server security logs can be helpful.</P><P>To investigate further enabling extended packet capture on ip profile may be helpful.</P><P>*Sometimes also i am seeing this event on logs and considering it as false positive.</P> Sun, 31 Jan 2021 22:58:39 GMT upelister 2021-01-31T22:58:39Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/smb-user-password-brute-force/m-p/287128#M640 <P>We have been seeing S<SPAN>MB: User Password Brute Force Attempt threats coming into our logs.&nbsp; We are not seeing a UN accompanied with the the traffic and the are using port 445.&nbsp; This just popped up recently and we are not seeing anything malicious on the client or the DC which is being reached out to.&nbsp; We are trying to identify what might be causing this and are curious if anyone else is seeing this.</SPAN></P> Fri, 06 Sep 2019 20:38:46 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/smb-user-password-brute-force/m-p/287128#M640 charlesk 2019-09-06T20:38:46Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/smb-user-password-brute-force/m-p/383162#M1046 <P>Hello,</P><P>&nbsp;</P><P>Checking server security logs can be helpful.</P><P>To investigate further enabling extended packet capture on ip profile may be helpful.</P><P>*Sometimes also i am seeing this event on logs and considering it as false positive.</P> Sun, 31 Jan 2021 22:58:39 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/smb-user-password-brute-force/m-p/383162#M1046 upelister 2021-01-31T22:58:39Z