專案

一般

配置概況

活動

起 2026-01-06 迄 2026-01-15

2026-01-15

14:55 一般 #1097 (Resolved-解决): INCGC-5507-Windows Brute Force Attempt Detected Logon Type 3
!clipboard-202601151452-5d3mm.png!
此為 財務 會計 人員 淑娟 在上班時間 有未能成功登入 AZUSRVSALES 系統記錄.
研判為 密碼輸入錯誤. 益利 周
14:50 一般 #1118 (Resolved-解决): INCGC-13230-Fortinet Firewall Configuration Change Detected Outside Of Business Hours
!clipboard-202601151448-0bxe9.png!
此為網路維護商 在非上班時間進行 問題查找. 屬正常行為. 益利 周
14:46 一般 #1121 (Resolved-解决): INCGC-13370-Windows Scheduled Task Created
!clipboard-202601151445-o67ja.png!
此為系統防護自動排程 益利 周
14:38 一般 #1126 (In process-進行中): INCGC-13966-Pan Firewall Brute Force Attempt Detected
!clipboard-202601151436-4coqw.png!
查無此案號相關記錄 益利 周
10:29 一般 #1361 (Resolved-解决): [INCGC-15748]-Low-Blacklisted Outbound Traffic On Firewall
!clipboard-202601151024-qmpsl.png!
經查 7天內 對 184.75.221.180 有一筆記錄.
!clipboard-202601151028-i1shy.png!
已將 184.75.221... 益利 周
09:40 一般 #1361 (Resolved-解决): [INCGC-15748]-Low-Blacklisted Outbound Traffic On Firewall
!clipboard-202601150939-j0ggj.png!
 益利 周
09:58 一般 #1357: [INCGC-15706]-Low-Outbound Communication Detected To Malicious Domain Detected On Firewall
1/12 將 "objectstorage[.]ap-tokyo-1[.]oraclecloud[.]com" 加入 DNS 黑名單.
未獲預期成效
!clipboard-202601150955-xh368.png!
1/14... 益利 周

2026-01-12

17:49 一般 #1357 (Resolved-解决): [INCGC-15706]-Low-Outbound Communication Detected To Malicious Domain Detected On Firewall
防火牆警報「偵測到與惡意網域的出站通訊」表明,主機 ULPU-TL-PC-0002(IP 位址 10.15.88.101,MAC 位址 A0:AD:9F:97:10:F4)透過 HTTPS 與網域 OBJECTSTORAGE.AP-T... 益利 周
17:43 一般 #1357 (Resolved-解决): [INCGC-15706]-Low-Outbound Communication Detected To Malicious Domain Detected On Firewall
!clipboard-202601121743-lep0j.png!
 益利 周
13:07 一般 #1103 (Closed-關閉): INCGC-9218-Windows Multiple Failed Login Attempts Then Success
Joy Liao
13:07 一般 #1104 (Closed-關閉): INCGC-9363-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1102 (Closed-關閉): INCGC-9134-Windows Scheduled Task Created
Joy Liao
13:07 一般 #1105 (Closed-關閉): INCGC-9501-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1106 (Closed-關閉): INCGC-10959-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1094 (Closed-關閉): INCGC-5393-Windows User Removed From Privileged Security Group
Joy Liao
13:07 一般 #1098 (Closed-關閉): INCGC-8691-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1093 (Closed-關閉): INCGC-5389-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1100 (Closed-關閉): INCGC-8733-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1099 (Closed-關閉): INCGC-8714-Windows Scheduled Task Created
Joy Liao
13:07 一般 #1092 (Closed-關閉): INCGC-5376-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1095 (Closed-關閉): INCGC-5397-Windows User Account Enabled
Joy Liao
13:07 一般 #1096 (Closed-關閉): INCGC-5398-Windows User Account Created And Deleted In Short Interval
Joy Liao
13:07 一般 #1101 (Closed-關閉): INCGC-9045-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1133 (Closed-關閉): INCGC-14069-Medium-Windows Tgs Requests Without Preceding Tgt Requests
Joy Liao
13:07 一般 #1132 (Closed-關閉): INCGC-14054-Low-Windows User Added In Global Privileged Security Group
Joy Liao
13:07 一般 #1128 (Closed-關閉): INCGC-14136-Low-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1127 (Closed-關閉): INCGC-14149-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour
Joy Liao
13:07 一般 #1129 (Closed-關閉): INCGC-14139]-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour
Joy Liao
13:07 一般 #1123 (Closed-關閉): INCGC-13563-Windows Scheduled Task Created
Joy Liao
13:07 一般 #1122 (Closed-關閉): INCGC-13562-Linux Server Shutdown
Joy Liao
13:07 一般 #1130 (Closed-關閉): INCGC-14073-Low-Windows User Added In Global Privileged Security Group
Joy Liao
13:07 一般 #1120 (Closed-關閉): INCGC-13235-Fortinet Firewall Configuration Change Detected Outside Of Business Hours
Joy Liao
13:07 一般 #1119 (Closed-關閉): INCGC-13232-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins
Joy Liao
13:07 一般 #1131 (Closed-關閉): INCGC-14061-Low-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1117 (Closed-關閉): INCGC-13225-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins
Joy Liao
13:07 一般 #1110 (Closed-關閉): INCGC-12768-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1111 (Closed-關閉): INCGC-12779-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1112 (Closed-關閉): INCGC-12796-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1113 (Closed-關閉): INCGC-12799-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1114 (Closed-關閉): INCGC-12817-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1115 (Closed-關閉): INCGC-12818-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1116 (Closed-關閉): INCGC-12951-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1109 (Closed-關閉): INCGC-12754-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1108 (Closed-關閉): INCGC-12747-Windows Multiple Failed Login Attempts Then Success
Joy Liao
13:07 一般 #1107 (Closed-關閉): INCGC-12357-Windows Brute Force Attempt Detected Logon Type 3
Joy Liao
13:07 一般 #1244 (Closed-關閉): [INCGC-15583]-Medium-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1250 (Closed-關閉): [INCGC-15661]-Medium-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1249 (Closed-關閉): [INCGC-15654]-Medium-Windows Computer Account Created
Joy Liao
13:07 一般 #1248 (Closed-關閉): [INCGC-15643]-Low-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins
Joy Liao
13:07 一般 #1247 (Closed-關閉): [INCGC-15641]-Low-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins
Joy Liao
13:07 一般 #1246 (Closed-關閉): [INCGC-15612]-Medium-Windows Modify Gpo With Admin Accounts During Non Office Hours
Joy Liao
13:07 一般 #1245 (Closed-關閉): [INCGC-15609]-Medium-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1136 (Closed-關閉): INCGC-13984-Low-Windows Scheduled Task Created
Joy Liao
13:07 一般 #1137 (Closed-關閉): INCGC-14176-Low-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1138 (Closed-關閉): INCGC-14167-Low-Windows Scheduled Task Created
Joy Liao
13:07 一般 #1139 (Closed-關閉): INCGC-14169-Low-Windows Scheduled Task Deleted
Joy Liao
13:07 一般 #1140 (Closed-關閉): INCGC-14208-Low-Windows Domain Policy Changed
Joy Liao
13:07 一般 #1141 (Closed-關閉): INCGC-14212]-Medium-Possbile Kerberoasting Detected
Joy Liao
13:07 一般 #1142 (Closed-關閉): INCGC-14214-Medium-Windows Admin Account Logon To Multiple Servers Within 1 Hour
Joy Liao
13:07 一般 #1212 (Closed-關閉): INCGC-15090 -Low-Windows Authentication Replay Attack Detected
Joy Liao
13:07 一般 #1222 (Closed-關閉): Asia Cyber Security Service Portal (ACSSP) 【Reply in Jira】[INCGC-15458]-Low-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1225 (Closed-關閉): [INCGC-15488]-Low-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1226 (Closed-關閉): 【Reply in Jira】[INCGC-15492]-Low-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1227 (Closed-關閉): [INCGC-15493]-Low-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1228 (Closed-關閉): [INCCS-11231]-Low-Alerts Notification_Taiwan from CrowdStrike ["SensorGroupingTags/Taiwan_TAHO"] - ULPU-DH-PC-0013
Joy Liao
13:07 一般 #1134 (Closed-關閉): INCGC-14067]-Medium-Possbile Kerberoasting Detected
Joy Liao
13:07 一般 #1232 (Closed-關閉): [INCGC-15536]-Low-Windows Scheduled Task Created
Joy Liao
13:07 一般 #1135 (Closed-關閉): INCGC-14061]-Low-Windows Bruteforce Attempt Detected
Joy Liao
13:07 一般 #1243 (Closed-關閉): [INCGC-15605]-Medium-Windows Sensitive Or Administrative Account Password Changed
Joy Liao
13:07 一般 #1235 (Closed-關閉): [INCGC-15535]-Low-Windows Scheduled Task Deleted
Joy Liao

2026-01-09

14:19 一般 #1250 (Closed-關閉): [INCGC-15661]-Medium-Windows Bruteforce Attempt Detected
!clipboard-202601091418-9zd3j.png!
 益利 周
09:42 一般 #1248 (Resolved-解决): [INCGC-15643]-Low-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins
新增異動 維護廠商帳號 供維護使用 益利 周
09:40 一般 #1249 (Resolved-解决): [INCGC-15654]-Medium-Windows Computer Account Created
新增電腦 予葉虹妤使用 益利 周
09:37 一般 #1249 (Closed-關閉): [INCGC-15654]-Medium-Windows Computer Account Created
!clipboard-202601090937-q7wr5.png!
 益利 周

2026-01-08

16:30 一般 #1248 (Closed-關閉): [INCGC-15643]-Low-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins
!clipboard-202601081629-2ejnz.png!
 益利 周
13:56 一般 #1243 (Resolved-解决): [INCGC-15605]-Medium-Windows Sensitive Or Administrative Account Password Changed
此為 台中管理人員 變更 管理帳號密碼 導致觸發告警.
屬於正常變更密碼行為. 益利 周
13:11 一般 #1243 (Closed-關閉): [INCGC-15605]-Medium-Windows Sensitive Or Administrative Account Password Changed
!clipboard-202601081310-bllgq.png!
 益利 周
13:50 一般 #1244 (Resolved-解决): [INCGC-15583]-Medium-Windows Bruteforce Attempt Detected

此為 192.168.4.92 OpenVAS IT 開原弱點掃描檢測工具,檢測觸發警報. 益利 周
13:13 一般 #1244 (Closed-關閉): [INCGC-15583]-Medium-Windows Bruteforce Attempt Detected
!clipboard-202601081312-nox63.png!
 益利 周
13:41 一般 #1245 (Resolved-解决): [INCGC-15609]-Medium-Windows Bruteforce Attempt Detected
!clipboard-202601081336-qsgyu.png!
此為 永康廠-林義傑 使用 雲端 ERP 時,登入失敗,在短時間內,重覆嘗試登入導致觸發警告.
非網路攻擊行為. 益利 周
13:15 一般 #1245 (Closed-關閉): [INCGC-15609]-Medium-Windows Bruteforce Attempt Detected
!clipboard-202601081314-mbx7l.png!
 益利 周
13:28 一般 #1246 (Resolved-解决): [INCGC-15612]-Medium-Windows Modify Gpo With Admin Accounts During Non Office Hours
此為 永康管理人員 於早上 07:08 進行 永康廠-林義傑 AD 帳號登入失敗,故障排除時 觸發警報.
此為正常 維護動作. 益利 周
13:16 一般 #1246 (Closed-關閉): [INCGC-15612]-Medium-Windows Modify Gpo With Admin Accounts During Non Office Hours
!clipboard-202601081315-zhser.png!
 益利 周
13:23 一般 #1247 (Resolved-解决): [INCGC-15641]-Low-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins

因 網管帳號 B20012.ADMIN 新增 網路維護廠商 帳號至各地防火牆 觸發此預警.
此為正常 帳號維護行為. 益利 周
13:17 一般 #1247 (Closed-關閉): [INCGC-15641]-Low-Multiple Fortinet Firewall Configuration Change Detected In 30 Mins
!clipboard-202601081317-yfxa8.png!
 益利 周
11:45 一般 #1235 (Resolved-解决): [INCGC-15535]-Low-Windows Scheduled Task Deleted
益利 周
11:44 一般 #1235 (In process-進行中): [INCGC-15535]-Low-Windows Scheduled Task Deleted
為上水 管理人員 登入時 系統自動套用帳戶 GPO 建立及刪除排程 自動行為. 益利 周
11:44 一般 #1232 (Resolved-解决): [INCGC-15536]-Low-Windows Scheduled Task Created
為上水 管理人員 登入時 系統自動套用帳戶 GPO 建立及刪除排程 自動行為. 益利 周
 

匯出至 Atom