In Even Viewer we are seeing a ton of events like the example below. There are 20 or more a second. We are trying to find out where they are coming from and how to stop them. Any ideas and what else we can do? Is there software out there that would help us in looking for info on these? One of the things that is throwing us off is the username changes on every one of the events.
We blocked those ports and it did not help. I do have our firewall setup to block all traffic in and out to other countries. I also tried the link you provided from Spiceworks and the reports didn't show anything.
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4776