09-06-2019 01:38 PM
We have been seeing SMB: User Password Brute Force Attempt threats coming into our logs. We are not seeing a UN accompanied with the the traffic and the are using port 445. This just popped up recently and we are not seeing anything malicious on the client or the DC which is being reached out to. We are trying to identify what might be causing this and are curious if anyone else is seeing this.