IBM QRadar

Good morning everyone! 

At the moment I'm getting this problem, My SIEM Qradar generated many alerts which user is fail to login to a FILESERVER: "Multiple Login Failures for the Same User containing Failure Audit: An account failed to log on". 

I confirmed with users that there's no login failed behavior from them. 

I tried myself to login to the FILESEVER, login sucessfully at the first time (and only one time), but also get the login failures offense. 

If anyone got the same issue, please help me to explain this? 

Thank you so much!

------------------------------
Anh Minh
------------------------------

Thank you so much for reading! 

I solved my problem. 

Have a great day!

Good morning everyone! 

At the moment I'm getting this problem, My SIEM Qradar generated many alerts which user is fail to login to a FILESERVER: "Multiple Login Failures for the Same User containing Failure Audit: An account failed to log on". 

I confirmed with users that there's no login failed behavior from them. 

I tried myself to login to the FILESEVER, login sucessfully at the first time (and only one time), but also get the login failures offense. 

If anyone got the same issue, please help me to explain this? 

Thank you so much!

------------------------------
Anh Minh
------------------------------

Thank you so much for reading! 

I solved my problem. 

Have a great day!

Good morning everyone! 

At the moment I'm getting this problem, My SIEM Qradar generated many alerts which user is fail to login to a FILESERVER: "Multiple Login Failures for the Same User containing Failure Audit: An account failed to log on". 

I confirmed with users that there's no login failed behavior from them. 

I tried myself to login to the FILESEVER, login sucessfully at the first time (and only one time), but also get the login failures offense. 

If anyone got the same issue, please help me to explain this? 

Thank you so much!

------------------------------
Anh Minh
------------------------------