SIEM Alerting on Successful Logins From Outside Domains

egrizzly | B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ | Member | Posts: 318
edited February 4 in Incident Response
Our new SIEM tool called SecureOnix seems to be alerting on successful logins from external domains.  Does anyone have a clue on what might be causing this?  Our domain is ourcompany.com.  So Becky Sue who, when employed with us, used to have a corporate email [email protected] has already left the company.  However when she logs on to a completely external domain address [email protected] an alert triggers into our SIEM tool.  It's kind of weird.  All the alerts seem to be coming from ex-employees.

Any idea what could be causing this?  Our IT environment is a hybrid-cloud running through Azure.  As always, thanks for your tips, suggestions, and overall participation :smile: