Our SIEM is showing potentially malicious activity from the IP addresses of my colleagues' laptops attempting to use one of our SolarWinds server domain account names to access SMB ports on our firewall.
Has anyone had a similar experience where background activities by SolarWinds trigger "potentially malicious" activity warnings?
The source IP should be SolarWinds in these cases, right? Not the IPs of laptops.