Today, when I was inspecting security event logs on the Active Directory server, I realised we are receiving constant password brute-force attacks from different user accounts.
The usernames seem to be coming from a rainbow table, such as: Jessie, Jaxon, Clare, and so on.
The source workstation also seems to be different on each try, such as: Windows7, Remmina, Windows2019, Windows10, FreeRDP... (these hosts do not seem to appear on the network when I do an nslookup check).
The question is: I have no identifier to reach an IP address to reach the attacker device.
I am adding an example log output and the info I got, and I need guidance on getting further information about which device is sending these requests.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: Matthew
Source Workstation: FreeRDP
Error Code: 0xC0000064
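
A triage sketch for events in the field layout shown in the post, added here as an example and not part of the original post: it groups failed validations by the reported workstation name, decodes the error code, and marks names missing from a host inventory. The sample records after the first, the `KNOWN_HOSTS` inventory and the function names are constructed assumptions; the status meanings are the standard NTSTATUS values.

```python
import re

# Standard NTSTATUS values seen in the "Error Code" field of failed validations.
NTSTATUS = {"0xC0000064": "no such user", "0xC000006A": "wrong password",
            "0xC0000234": "account locked out", "0xC0000072": "account disabled"}
FIELD = re.compile(r"^\s*(Logon Account|Source Workstation|Error Code):\s*(.*?)\s*$")

# First record is the one from the post; the rest are constructed for illustration.
SAMPLE = """\
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: Matthew
Source Workstation: FreeRDP
Error Code: 0xC0000064
Logon Account: Jessie
Source Workstation: FreeRDP
Error Code: 0xC0000064
Logon Account: Clare
Source Workstation: Windows10
Error Code: 0xC0000064
Logon Account: alice
Source Workstation: HR-PC-014
Error Code: 0xC000006A
"""
KNOWN_HOSTS = {"HR-PC-014"}  # hypothetical inventory of real machine names (upper case)

def parse_records(text):
    """Split exported event text into dicts; a record ends at its Error Code line."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2)
            if m.group(1) == "Error Code":
                records.append(current)
                current = {}
    return records

def summarize(records, known_hosts):
    """Per workstation name: attempts, distinct accounts, failure reasons, inventory match."""
    out = {}
    for r in records:
        ws = r.get("Source Workstation", "").upper()
        s = out.setdefault(ws, {"attempts": 0, "accounts": set(), "reasons": {},
                                "in_inventory": ws in known_hosts})
        s["attempts"] += 1
        s["accounts"].add(r.get("Logon Account", ""))
        code = r.get("Error Code", "").upper().replace("0X", "0x")
        reason = NTSTATUS.get(code, code)
        s["reasons"][reason] = s["reasons"].get(reason, 0) + 1
    return out
```

Workstation names that are absent from the inventory and fail only with "no such user" across several accounts are client-supplied strings, so they group the noise but do not identify a device on their own.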