Enterprise IT Operations

Event “Task “Backup of Administration Server data” completed successfully” happened on computer Administration Server <SYS061> in the domain NETSOLPK on Saturday, November 23, 2024 1:18:15 PM (GMT+05:00)

EventID: 4740
Source: Microsoft-Windows-Security-Auditing
MachineName: Daisy.netsolpk.com
Message: A user account was locked out.

Subject:
        Security ID:            S-1-5-18
        Account Name:           DAISY$
        Account Domain:         NETSOLPK
        Logon ID:               0x3E7

Account That Was Locked Out:
        Security ID:            S-1-5-21-42032015-1380798554-1124750213-51591
        Account Name:           abidinz

Additional Information:
        Caller Computer Name:   NIP077

Hi Tech Support,

We are constantly observing failed authentication attempts from a single IP address. Details are as follows:

  • Attack Type: Possible Brute Force Attempt containing Failure Audit: Kerberos pre-authentication failed
  • Date & Time: Nov 22, 2024, 10:00:29 PM
  • Source IP: 10.32.153.54
  • Hostname:
  • Username: ibrahima2
  • Destination IP: 130.0.0.5
  • Source Port: (multiple)
  • Failed Attempts: 31

Critical Services | Test mail | Bandwidth

Hi Eva,

As per our traces, emails are not being blocked from our end for this sender or domain.

Dear Team,

We have identified an offence of object configuration changed from username: aftabm2. Kindly share the legitimacy of the mentioned activity.

Src IP: 10.23.1.27

Dst IP: 130.0.40.243

Username: aftabm2

SS is attached for reference.

Hi Concerned,

The NS records of network solution have been successfully updated with Cloudflare NS records, and the details are mentioned below. Also, screenshots have been shared here for you to look over.

Hi Support Team,


We have observed a malicious file available on the lap-psd011 host, which has “malware”. This host is being used by the user with ID fareedy.

Please delete the concerned file and any related variants immediately, as it is a violation of the NETSOL IP policy.

Please find relevant screenshot below.

Dear Team,

We have identified an offense. Details are as follows:

· Attack Type: NTLM authentication failed
· Date & Time: Oct 2, 2024, 9:48:00 AM
· Computer Name:
· OID: 72825
· Username: Multiple (shared in ss)
· Destination IP: 13.69.109.130
· Log Source: FortiGate @ 130.0.40.243
· Failed Attempts:

Kindly identify and share the root cause why these users have failed authentication at almost the same time.  

Dear Team,

I hope you’re all doing well. We are initiating the critical task of implementing encryption on all desktop machines, and it is essential that this activity be completed within the next month.

To track progress and ensure we meet this deadline, please provide me with a weekly report every Friday, starting this week. The report should include details of which machines have had encryption implemented and any challenges or delays encountered.

Your cooperation in this matter is crucial, and I trust we can complete this activity on time.

Dear Amir,

I am writing to inform you about a critical issue we’ve encountered during the ongoing migration of our antivirus solution from KV to XDR. Since initiating the migration, a couple of our Windows servers have experienced crashes after the XDR deployment (A2QA2086 Windows 2012 Server and A2DEV3049 Windows 2016 Server).

These server crashes are causing significant disruption to different teams, and we are concerned about the potential impact on system stability. We suspect that the crashes might be linked to the compatibility between the XDR solution and current server configurations.

We request immediate assistance in diagnosing and resolving these issues. Specifically, we would appreciate guidance on:

1. Identifying the root cause of the server crashes.

2. Recommended troubleshooting steps or patches that can help stabilize the affected servers.

3. Any configuration changes required to ensure a smooth transition to XDR.

Your prompt attention to this matter is crucial. We are standing by for your instructions on the next steps to mitigate this issue and ensure a successful migration.

Hi NOS Team,

Hope for your wellbeing!

Please help to resolve the SQL Server connectivity issue on the subject VM on priority. Thanks.

VMware vSphere vMotion

High Availability
