we have an incident on Siem tools saying that 'Failed Connections' alerts were detected by XDR Analytics on 9 hosts involving user nt authority\system cmd: C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc) Can anyone advise what these failed connections are
failed remote ip: 10.20.0.3,10.40.0.6,10.1.0.8,192.168.106.8,192.168.50.11,10.144.40.15,192.168.2.15,10.10.10.19,10.5.36.19,192.168.128.21,192.168.0.26,10.144.40.27,10.5.38.28,192.168.86.30,10.144.40.32,192.168.86.35,192.168.16.36,192.168.2.37,10.219.134.40,192.168.0.43,192.168.0.44,10.67.136.49,192.168.16.50,192.168.22.50,192.168.14.52,10.144.40.53,192.168.0.54,10.1.2.50,192.168.68.56,10.5.166.57,192.168.32.65,192.168.16.70,10.0.0.74,192.168.12.81,192.168.2.82,192.168.0.84,192.168.0.92,192.168.4.106,192.168.30.108,10.30.150.113,10.69.6.114,10.10.0.117,192.168.30.118,192.168.30.121,10.0.0.122,172.24.62.139,192.168.68.140,192.168.30.146,10.36.74.148,192.168.30.149,10.10.10.154,192.168.30.166,10.5.38.167,10.211.76.192.168.3.161,192.168.1.165,192.168.1.182,10.148.85.189,192.168.31.195,192.168.11.214,172.17.13.218,192.168.1.225,192.168.199.227,192.168.1.229:64516,57866,50186,53264,57369,63517,56360,59945,55346,63539,53815,63032,64058,52794,59473,52307,64086,62039,58969,51806,54878,58466,51815,49262,53876,50805,50300,49276,62590,61567,52358,61065,49290,53903,50327,58541,53936,59570,59573,57529,50366,53957,63174,55495,62668,50896,49874,58075,49373,58590,64740,59111,54515,51444,64768,59141,
... View more