- Products
- Learn
- Local User Groups
- Partners
- More
On-Premise SD-WAN Management
Register HereWhat's New in R82.10?
Watch Here AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
The Moment Before
Hi,
This is a screenshot from an Application log which shows me two different usernames.

Marked with orange and number 1 have the same username. Marked with blue is a different username. Why is destination user name different from the User field?
Because user b logged in to the database server (on the windows system) and the IP of the server was associated with this user.
A session from user a only shows this information as this information was not deleted (has not timed out).
Destination Username is the one associated to destination IP.
Associated in which way? Can you explain more please.
By identity awareness depending on your configuration. I assume ADquery or IDC.
I understand that. But if user a access a MS-SQL database, why is a different user b shown on destination username?
Because user b logged in to the database server (on the windows system) and the IP of the server was associated with this user.
A session from user a only shows this information as this information was not deleted (has not timed out).
Thanks for explaining. Since this was a correlated log showing user a accessing a database I don't see the point in this log of having the information about user b that is associated with that server. Do you?
I wouldn't need this information, but better have an information I don't need, than omitting it 🙂
Btw. if you don't need identity awareness on your servers (as source), you could exclude the server networks generally from IDC or ADquery.
While I usually see omitting data as a bad thing, in this case I was misled by the wording "Destination User Name". In my experience, some logs look like user a is a compromised account that's trying to access the system at the IP that user b is associated to. I'll be updating my team and any others that ask about that feature. Maybe a name change on those fields can be considered? Also "Dst User Dn"
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 94 | |
| 43 | |
| 7 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 4 | |
| 4 |
Tue 28 Jul 2026 @ 11:00 AM (EDT)
Under the Hood - Check Point and Illumio – Modern Network Defense Against AI-Based ThreatsThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 28 Jul 2026 @ 11:00 AM (EDT)
Under the Hood - Check Point and Illumio – Modern Network Defense Against AI-Based ThreatsThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY