Excessive logons from domain controllers

Çağlar Arlı

I am quite new to analyzing Windows logs. I have been seeing excessive logons with event IDs 4624 and 4625 with the Subject/account name: DomainController (the actual name of the domain controller is different) to user accounts.

I understand that it makes sense to have logon requests from a user machine to the domain controller. But why would there be excessive logon requests from domain controllers to user accounts, and with misspelled usernames and passwords as the failure reason and the process name as lsass.exe?