In Even Viewer we are seeing a ton of events like the example below. There are 20 or more a second. We are trying to find out where they are coming from and how to stop them. Any ideas and what else we can do? Is there software out there that would help us in looking for info on these? One of the things that is throwing us off is the username changes on every one of the events.
- System
- Provider
[ Name] Microsoft-Windows-Security-Auditing
[ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D}
EventID 4776
Version 0
Level 0
Task 14336
Opcode 0
Keywords 0x8010000000000000
- TimeCreated
[ SystemTime] 2020-04-29T12:35:59.662914700Z
EventRecordID 168057449
Correlation
- Execution
[ ProcessID] 704
[ ThreadID] 9872
Channel Security
Computer
Security
- EventData
PackageName MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
TargetUserName tomcat
Workstation
Status 0xc0000064
Our community of experts have been thoroughly vetted for their expertise and industry experience.