Hello.
On a Windows box A (Windows Server 2019 Version 1809 OS Build 17763.5122), we upgraded OneAgent from 1.271.135.20230810-115019 to 1.277.165.20231024-150054 : we get thousands of network attempted logins from box A, with many local technical users, and many Active Directory recently connected users, to many Windows targets machines on port 445 (SMB). Some times thousands per minute. Also toward Unix boxes. It is not constant. Happens some times for hour, sometime for minutes. It triggers alerts here. And stopped us to deploy this version on the parc.
When we stop or rollback OneAgent : no problem any more.
We tried intermédiate version : 1.275.146.20231002-095820 : looks like no problem in that case.
We also tried latest OA version : 1.277.196 : same problem.
Looks like brute force attack. Maybe attempting vulnerabilities exploit ?
Any one exposed to that ? Any known solutions ?
Regards.
--
Tickets ref:
Dynatrace: 250650
Private internal: Jira DEVOPS-15019
