Hi
Can someone help me interpret this logs?
(note that this has been filtered with the ip 10.0.4.80)
The person who is complaining about the malfunctioning Identity awareness told me that he logged into the machine 10.0.4.80 with his user and from that machine he used other credentials (that can be seen expiring alltogether at 16:53.05) to log into other machines for example in RDP. The malfunctioning that he's experiencing is that the url-filtering doesn't let him into pages permitted for his user.
Now it seems like those credentials have been detected by the Identity awareness and, at some point, the highlighted alert popped up (Machine (machine name) at (IP address) has 1 users (or more) currently connected to it, and will be automatically ignored).
Now I've read something about that message, and it seems to me that the outcome of reaching that threshold should not be a ban.
Is there anything suspicious that could have caused the reported malfunctionig or is this actually ok?
Thanks