Excessive number of failed connections from a single source (ASIM Network Session schema) default analytics rule -- results contain no src IP address about azure-sentinel HOT 5 CLOSED

-- Mark Bell IT Administrator (CompTIA Certified Secure Infrastructure Specialist, IT Ops Specialist, A+, Network+ and Security+) Journeys in Community Living 1130 Haley Rd. Murfreesboro, TN 37129 615-890-4389, ext. 45<tel:+16158904389,45> (ofc) 615-295-3046<tel:+16152953046> (cell) www.journeystn.org<http://www.journeystn.org/> www.fb.com/journeysincommunity<http://www.fb.com/journeysincommunity> www.twitter.com/journeystn<http://www.twitter.com/journeystn> NOTICE: This email may contain confidential (including but not limited to) HIPAA-protected and/or privileged information intended only for specific, predetermined recipients. If you are not the intended recipient, you are hereby notified that any review, further dissemination, distribution or duplication of this communication is STRICTLY FORBIDDEN. Please delete and/or destroy all copies of this message after notifying Mark Bell of the error by reply email or calling 615-295-3046<tel:+16152953046>.

________________________________ From: Varun Kohli ***@***.***> Sent: Thursday, July 11, 2024 4:52:32 AM To: Azure/Azure-Sentinel ***@***.***> Cc: Mark Bell ***@***.***>; Author ***@***.***> Subject: Re: [Azure/Azure-Sentinel] Excessive number of failed connections from a single source (ASIM Network Session schema) default analytics rule -- results contain no src IP address (Issue #10713) [EXTERNAL SENDER] Handle with care! DO NOT open attachments or click links from unknown senders or unexpected email! This email originated from outside the journeystn.org domain! - JICL Helpdesk<https://jicladmin.org/>

________________________________ SrcIpAddrs coming null means that the source did not provide SrcIp in the log. Worth checking the raw log to verify if the SrcIp is coming from source or not. What is the source networksession logs in your environment? If source is not providing SrcIp details, it is worth checking why for network failures no source details being logged. — Reply to this email directly, view it on GitHub<#10713 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKN3WZCEIDQEWCRWGVJ72TLZLZIWBAVCNFSM6AAAAABJ6L3OR2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMRSGUYDQMZSHE>. You are receiving this because you authored the thread.Message ID: ***@***.***> NOTICE: This email may contain confidential (including but not limited to) HIPAA-protected and/or privileged information intended only for specific, predetermined recipients. If you are not the intended recipient, you are hereby notified that any review, further dissemination, distribution or duplication of this communication IS STRICTLY FORBIDDEN. Please delete and/or destroy all copies of this message after notifying JICL IT of the error by reply ***@***.***> or by calling 615-890-4389.