ATP: workstation has a Domain Controller IP

  • Question

  • Hello everyone!

    Today I received a High severity alert for a Suspected DCSync attack. The origin of this attack was a workstation that ATP tells us has its right private IP and a secondary IP, the one of our DC. How can this be possible? I've investigated DNS, AV client logs, and other auditing tools, and everything looks OK. There is no evidence of any risk on this computer or of a secondary IP address assigned to this workstation. How can this be possible?

    Thank you.

    Thursday, May 23, 2019 1:00 PM

All replies