Unknown source of log event
SWuser_123
Newbie ✭
Hi,
We are getting an alert on log ID 32 - Wrong User Password. Though, we are not sure how it's getting triggered. We have 1 open port for SSL VPN which is how (we think) they are trying to access. That's at least what shows in the alert for the destination. When we try to login with a wrong password, it results in log ID 745 - LDAP Authentication Failure. Which we expect.
Any ideas what could be happening?
Thanks
Category: Firewall Management and Analytics
0
Answers
Hello @SWuser_123
Please refer this article:
Page#4 shows how you can use the Source IP to get information on the Source.
Page#11 lists the Event ID.
I hope this helps.