I am getting Multiple Failed Logons alert for user accounts that don't exist.
The alert does not give much info... seems useless in this form.
Any thoughts on what I can do to find out what is initiating the login attempt?
8/12/2019 7:29:43 AM
xx.xx.xx.xx (domain controller)
Cause: User logon with misspelled or bad user account
This entry represents 5 matching events occurring within 600 seconds