https://live.paloaltonetworks.com/t5/advanced-threat-prevention/suspicious-remote-domain-account-enumeration-xdr/m-p/577577#M2093 <P>Hello All,<BR />We have received an alert from our XDR Platform regarding Suspicious Remote domain account enumeration : XDR , where we see the Src IP belong to Internal and the process involved is "lsass.exe" and Src Host Name being the one which is not an internal one. <BR />Login Auth Process: NTLM<BR />Login OutCome: Failure<BR />Login Outcome reason: User name doesnt exist'<BR />Dst User Name: see machine which don't belong to our network.</P> <P>We don't see any source of external IP involved in this ? Could you please help us in this what might be the case?</P> Sat, 17 Feb 2024 14:20:10 GMT Naveen4025 2024-02-17T14:20:10Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/suspicious-remote-domain-account-enumeration-xdr/m-p/577577#M2093 <P>Hello All,<BR />We have received an alert from our XDR Platform regarding Suspicious Remote domain account enumeration : XDR , where we see the Src IP belong to Internal and the process involved is "lsass.exe" and Src Host Name being the one which is not an internal one. <BR />Login Auth Process: NTLM<BR />Login OutCome: Failure<BR />Login Outcome reason: User name doesnt exist'<BR />Dst User Name: see machine which don't belong to our network.</P> <P>We don't see any source of external IP involved in this ? Could you please help us in this what might be the case?</P> Sat, 17 Feb 2024 14:20:10 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/suspicious-remote-domain-account-enumeration-xdr/m-p/577577#M2093 Naveen4025 2024-02-17T14:20:10Z