I logged into my LEM this morning and had over 500 alerts in my email for Domain ANONYMOUS LOGON by. This triggers a 'domain modification' rule that I have set. I have the rule set as follows:
auditable events (all).source account NOT EQUAL to admin accounts, admin groups or $
I'm just wondering if this is something I should be concerned with? I done some research and understand that the c:\ system files will 'logon' when executing tasks in and around the file system.
Thanks in advance,