interesting:
"timestamp": "2021-12-08T10:24:21.776559-0800",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:xx.xx.xx.xx:445",
"remoteAddress": "ipv4:xx.xx.xx.xx:56076",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "",
"clientAccount": "pete.forde",
"workstation": "",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "pete.forde",
"mappedDomain": "",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv2",
"duration": 3107
}
},
{
"timestamp": "2021-12-08T10:31:44.515756-0800",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:xx.xx.xx.xx:445",
"remoteAddress": "ipv4:xx.xx.xx.xx:58524",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "",
"clientAccount": "pete.forde",
"workstation": "",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "pete.forde",
"mappedDomain": "",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv2",
"duration": 3157