I installed SEM a year ago and set up some event notices with the help of an outside consultant. I understand how to set them up and email results. Mine is a windows network with 70 nodes.
I just changed the network admin password and I am seeing a lot of failed admin logins. 10 or so in a row. I have configured the emails to show as much useful data as I can.
This user account: logon failure "**********\********"
At: 2022-03-28 07:39:33.0
From: FileServer.*********.com
Source Machine: 10.0.0.221
Destination Machine: FileServer.***********.com Destination Account: admin
Reason: unknown user name or bad password.
Extraneous Info:sourceport: 49900; call-processname: -;
Why do I see 10 attempts in less than a minute is my first question
(Domain and login name commented out.)