I'm receiving a list of multiple failed logins from different sources to different destinations with different login accounts.
The reports are collected by RSA enVision.
I ensure that all the sources have VSE with the latest DAT and patches. I also run the Conficker Detection tool, but there are only a few detections.
I cleaned all Conficker threats to zero detections. I also monitor HIPS logs, but there are no recorded unusual events.
I picked at least 5 computers from the sources, ran GetSusp, sent to McAfee Labs and uploaded to VirusTotal, but no detections.
The multiple failed logins are still recurring and getting severe. Does anyone have an idea?
Er, this is Enterprise, I gather, so moving the thread to there.