[DFSci] (no subject)

Mcleod S fe0742 at gmail.com
Thu Aug 1 16:39:16 PDT 2019


Hello,

We have a Windows machine on which we’ve identified multiple event ID 4625 entries.
It appears to be a brute force attack. Can anyone please recommend any
documentation or resource that would show which artifacts should be
examined next to determine if the attack was successful and if any changes
were made to the machine? I know this is a broad question, but we’re really
just looking for a “next steps to take” sort of guide.

Thanks

