I have a firewall that is showing failed login attempts from my Solarwinds server. The account should be svc-xxxx but the failed login is from svc_xxxx. How can I find where that incorrect login is coming from? I checked the node (its using snmp, but also Palo Alto poling) and thats not it. I searched in alerts and activity and looked at Audit info, but don't see it.
Is there a report I can run or a database query I can use to find ALL credentials attempted on a specific device?
thank you
