In the EPO threat event log, I currently have this event with the information below:
Event description: Host intrusion detected and handled
Event Category: Network intrusion detected
Event ID: 18001
The affected port is TCP 88.
See snapshot below:
The problem I have here is that the source threat address is an SQL Server, while the threat is detected on a desktop PC.
I have been searching for ways on how to approach and deal with this but have not found any article addressing this.
Any ideas or links to PDF documents that will help resolve this will be appreciated.