活動 - 02_資安事件及異常紀錄 - MIS部門作業管理平台

活動

起 2025-11-04 迄 2025-11-13

2025-11-13

11:37 一般 #1128 (Resolved-解决): INCGC-14136-Low-Windows Bruteforce Attempt Detected: 以舊設備 Windows 7 + 單機(未加入網域) 測試網路連線，連線時系統已以預設登入帳號帶入登入連線，本機為測試機,尚未加入網域,故自動連線時所帶出帳號無法與遠端帳號匹配連線.導致連線失敗. 益利周
11:14 一般 #1128 (In process-進行中): INCGC-14136-Low-Windows Bruteforce Attempt Detected: !clipboard-202511131113-mthuz.png!
!clipboard-202511131114-ubirs.png!
益利周
10:13 一般 #1128 (Closed-關閉): INCGC-14136-Low-Windows Bruteforce Attempt Detected: 益利周
10:55 一般 #1127 (Resolved-解决): INCGC-14149-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: 經查目前 10.10.150.20 10.10.150.25 及 192.168.4.229 為 ERP 上雲一案中,雲端虛擬機設備.目前正在設定測試階段.此為環境及帳號相關之調整. 益利周
10:47 一般 #1127 (In process-進行中): INCGC-14149-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: !clipboard-202511131039-gph17.png!
!clipboard-202511131040-qydfh.png!
益利周
10:11 一般 #1127 (Closed-關閉): INCGC-14149-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: 益利周
10:24 一般 #1136 (Closed-關閉): INCGC-13984-Low-Windows Scheduled Task Created: 益利周
10:22 一般 #1135 (Closed-關閉): INCGC-14061]-Low-Windows Bruteforce Attempt Detected: 益利周
10:20 一般 #1134 (Closed-關閉): INCGC-14067]-Medium-Possbile Kerberoasting Detected: 益利周
10:19 一般 #1133 (Closed-關閉): INCGC-14069-Medium-Windows Tgs Requests Without Preceding Tgt Requests: 益利周
10:18 一般 #1132 (Closed-關閉): INCGC-14054-Low-Windows User Added In Global Privileged Security Group: 益利周
10:16 一般 #1131 (Closed-關閉): INCGC-14061-Low-Windows Bruteforce Attempt Detected: 益利周
10:15 一般 #1130 (Closed-關閉): INCGC-14073-Low-Windows User Added In Global Privileged Security Group: 益利周
10:14 一般 #1129 (Closed-關閉): INCGC-14139]-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: 益利周

2025-11-10

17:46 一般 #1126 (In process-進行中): INCGC-13966-Pan Firewall Brute Force Attempt Detected: Joy Liao
17:46 非法入侵 #1125 (Resolved-解决): INCGC-13930-Windows Bruteforce Attempt Detected: Joy Liao
17:46 阻斷服務 #1124 (Resolved-解决): INCGC-13693-Outbound Communication Detected To Malicious Domain Detected On Firewall: Joy Liao
17:46 一般 #1123 (Closed-關閉): INCGC-13563-Windows Scheduled Task Created: Joy Liao
17:46 一般 #1122 (Closed-關閉): INCGC-13562-Linux Server Shutdown: Joy Liao
17:46 一般 #1121 (Resolved-解决): INCGC-13370-Windows Scheduled Task Created: Joy Liao
17:46 一般 #1112 (Closed-關閉): INCGC-12796-Windows Domain Policy Changed: Joy Liao
17:46 一般 #1113 (Closed-關閉): INCGC-12799-Windows Domain Policy Changed: Joy Liao
17:46 一般 #1114 (Closed-關閉): INCGC-12817-Windows Domain Policy Changed: Joy Liao
17:46 一般 #1115 (Closed-關閉): INCGC-12818-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1116 (Closed-關閉): INCGC-12951-Windows Domain Policy Changed: Joy Liao
17:46 一般 #1117 (Closed-關閉): INCGC-13225-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins: Joy Liao
17:46 一般 #1118 (Resolved-解决): INCGC-13230-Fortinet Firewall Configuration Change Detected Outside Of Business Hours: Joy Liao
17:46 一般 #1119 (Closed-關閉): INCGC-13232-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins: Joy Liao
17:46 一般 #1120 (Closed-關閉): INCGC-13235-Fortinet Firewall Configuration Change Detected Outside Of Business Hours: Joy Liao
17:46 一般 #1101 (Closed-關閉): INCGC-9045-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1102 (Closed-關閉): INCGC-9134-Windows Scheduled Task Created: Joy Liao
17:46 一般 #1103 (Closed-關閉): INCGC-9218-Windows Multiple Failed Login Attempts Then Success: Joy Liao
17:46 一般 #1104 (Closed-關閉): INCGC-9363-Windows Domain Policy Changed: Joy Liao
17:46 一般 #1105 (Closed-關閉): INCGC-9501-Windows Domain Policy Changed: Joy Liao
17:46 一般 #1106 (Closed-關閉): INCGC-10959-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1107 (Closed-關閉): INCGC-12357-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1108 (Closed-關閉): INCGC-12747-Windows Multiple Failed Login Attempts Then Success: Joy Liao
17:46 一般 #1109 (Closed-關閉): INCGC-12754-Windows Domain Policy Changed: Joy Liao
17:46 一般 #1110 (Closed-關閉): INCGC-12768-Windows Domain Policy Changed: Joy Liao
17:46 一般 #1111 (Closed-關閉): INCGC-12779-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1100 (Closed-關閉): INCGC-8733-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1099 (Closed-關閉): INCGC-8714-Windows Scheduled Task Created: Joy Liao
17:46 一般 #1098 (Closed-關閉): INCGC-8691-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1097 (Resolved-解决): INCGC-5507-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1092 (Closed-關閉): INCGC-5376-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1096 (Closed-關閉): INCGC-5398-Windows User Account Created And Deleted In Short Interval: Joy Liao
17:46 一般 #1093 (Closed-關閉): INCGC-5389-Windows Brute Force Attempt Detected Logon Type 3: Joy Liao
17:46 一般 #1094 (Closed-關閉): INCGC-5393-Windows User Removed From Privileged Security Group: Joy Liao
17:46 一般 #1095 (Closed-關閉): INCGC-5397-Windows User Account Enabled: Joy Liao
17:37 非法入侵 #1050 (Closed-關閉): Asia Cyber Security Service Portal (ACSSP) 【Reply in Jira】[INCCS-4211]: Joy Liao
17:37 非法入侵 #1051 (Closed-關閉): Asia Cyber Security Service Portal (ACSSP) 【Reply in Jira】[INCCS-4244]: Joy Liao
17:37 一般 #1054 (Closed-關閉): Asia Cyber Security Service Portal (ACSSP) 【Reply in Jira】[INCGC-5359]-High-Blacklisted Outbound Traffic On Firewall: Joy Liao
17:37 一般 #1034 (Closed-關閉): Black-IP: Joy Liao
17:37 一般 #1033 (Closed-關閉): FW-IP to black: Joy Liao
17:37 一般 #1052 (Closed-關閉): Asia Cyber Security Service Portal (ACSSP) 【Reply in Jira】[INCCS-4281]: Joy Liao

匯出至 Atom