活動 - 02_資安事件及異常紀錄 - MIS部門作業管理平台

活動

起 2025-11-11 迄 2025-11-20

2025-11-14

16:13 一般 #1142 (Closed-關閉): INCGC-14214-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: !clipboard-202511141613-akejo.png!
!clipboard-202511141613-z4apf.png!
益利周
16:12 一般 #1141 (Closed-關閉): INCGC-14212]-Medium-Possbile Kerberoasting Detected: !clipboard-202511141611-epmqc.png!
!clipboard-202511141611-ty1dn.png!
益利周
16:10 一般 #1140 (Closed-關閉): INCGC-14208-Low-Windows Domain Policy Changed: !clipboard-202511141609-r6jop.png!
!clipboard-202511141610-zlpvq.png!
益利周
10:02 一般 #1139 (Closed-關閉): INCGC-14169-Low-Windows Scheduled Task Deleted: !clipboard-202511141001-xv1ai.png!
益利周
10:00 一般 #1138 (Closed-關閉): INCGC-14167-Low-Windows Scheduled Task Created: !clipboard-202511141000-nqhqp.png!
益利周
09:58 一般 #1137 (Closed-關閉): INCGC-14176-Low-Windows Domain Policy Changed: !clipboard-202511140956-mtnya.png!
!clipboard-202511140957-rxa1r.png!
益利周

2025-11-13

11:37 一般 #1128 (Resolved-解决): INCGC-14136-Low-Windows Bruteforce Attempt Detected: 以舊設備 Windows 7 + 單機(未加入網域) 測試網路連線，連線時系統已以預設登入帳號帶入登入連線，本機為測試機,尚未加入網域,故自動連線時所帶出帳號無法與遠端帳號匹配連線.導致連線失敗. 益利周
11:14 一般 #1128 (In process-進行中): INCGC-14136-Low-Windows Bruteforce Attempt Detected: !clipboard-202511131113-mthuz.png!
!clipboard-202511131114-ubirs.png!
益利周
10:13 一般 #1128 (Closed-關閉): INCGC-14136-Low-Windows Bruteforce Attempt Detected: 益利周
10:55 一般 #1127 (Resolved-解决): INCGC-14149-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: 經查目前 10.10.150.20 10.10.150.25 及 192.168.4.229 為 ERP 上雲一案中,雲端虛擬機設備.目前正在設定測試階段.此為環境及帳號相關之調整. 益利周
10:47 一般 #1127 (In process-進行中): INCGC-14149-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: !clipboard-202511131039-gph17.png!
!clipboard-202511131040-qydfh.png!
益利周
10:11 一般 #1127 (Closed-關閉): INCGC-14149-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: 益利周
10:24 一般 #1136 (Closed-關閉): INCGC-13984-Low-Windows Scheduled Task Created: 益利周
10:22 一般 #1135 (Closed-關閉): INCGC-14061]-Low-Windows Bruteforce Attempt Detected: 益利周
10:20 一般 #1134 (Closed-關閉): INCGC-14067]-Medium-Possbile Kerberoasting Detected: 益利周
10:19 一般 #1133 (Closed-關閉): INCGC-14069-Medium-Windows Tgs Requests Without Preceding Tgt Requests: 益利周
10:18 一般 #1132 (Closed-關閉): INCGC-14054-Low-Windows User Added In Global Privileged Security Group: 益利周
10:16 一般 #1131 (Closed-關閉): INCGC-14061-Low-Windows Bruteforce Attempt Detected: 益利周
10:15 一般 #1130 (Closed-關閉): INCGC-14073-Low-Windows User Added In Global Privileged Security Group: 益利周
10:14 一般 #1129 (Closed-關閉): INCGC-14139]-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour: 益利周

匯出至 Atom