ESET Secure Authentication: Backtracing attempted connections into our company network

[MKTMichael 1]

Hello there,

 

our company uses ESA to secure our whole network from unauthericed access. We noticed alot of failed tries to connect into our company network from outside. I gues its a normal thing with all those hackers out there. Inside our webconsole we were able to see from which IP's those rouge access attempts came from. 

Our question now is: Is there also a way to find out in which way they tried to connect to our Network via ESA. Like if they tried to go over certain ports, accounts or other ways? Are there accessable logs from which we can get those informations?

Edited August 26, 2022 by MKTMichael

[IggyPop 20]

Hi @MKTMichael,

Not sure if you are just using the Mobile App or the product. In case of product what you can do for the beginning is to access the Reports where you should see the failed attempts.

My reccommendation here is go to Reports and follow similar filter as I have below:

• Go to Reports
• Select Presets - Denied Authentications
• In results select - Failure or Warning (investigate both)

Please see my screenshots below:

In case of any other questions please feel free to ask more.

Hope it helps.

Ingemar

Edited August 26, 2022 by IggyPop