Suspicious Successful Logons

Multiple successful logons by a single user to different nodes or machines are another extremely suspicious pattern of activity that might indicate a malware infection. This could be a situation where malware on an infected host machine succeeded in obtaining a user’s credentials and is moving laterally within an organization.

The Suspicious Logons sub-panel displays all successful logons to multiple nodes in the organization, allowing investigators to quickly pinpoint machines that may have malware.


  • Users – Bar chart of users with successful logons to multiple nodes within the specified time frame. Click on a user to view nodes where logons occurred. Right-click on a user and drill down to ‘Details’ to view a detailed report.
  • Failed Logons Trend – Graph indicating the trend of successful logon activity for the specified time frame. Click on a peak to view what caused the peak.
  • Nodes – Nodes from which logons occurred.
  • Successful Logon Operations – Displays the types of logon events used to establish a successful connection.
  • Targeted Hosts – Hosts to which the successful logons connected.
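
The pattern this sub-panel surfaces, one user with successful logons to several hosts inside a time frame, can be reproduced over raw logon events as follows. This is an added example, not the product's own code; the event layout, the function names, the 15-minute window and the three-host threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: time, user, source node, target host, result
SAMPLE_EVENTS = """\
2024-05-01T09:00:05,alice,ws-014,fs-01,success
2024-05-01T09:01:10,bob,ws-022,fs-01,success
2024-05-01T09:02:30,alice,ws-014,db-02,success
2024-05-01T09:03:02,alice,ws-014,hr-03,failure
2024-05-01T09:04:45,alice,ws-014,app-07,success
2024-05-01T09:06:12,alice,ws-014,dc-01,success
2024-05-01T13:30:00,bob,ws-022,db-02,success
2024-05-01T17:45:00,bob,ws-022,app-07,success
"""

def parse_events(text):
    """Yield (timestamp, user, source, target) for successful logons only."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, source, target, result = line.strip().split(",")
        if result == "success":
            yield datetime.fromisoformat(ts), user, source, target

def suspicious_logons(events, window=timedelta(minutes=15), min_hosts=3):
    """Return {user: sorted target hosts} for users whose successful logons
    reach at least min_hosts distinct hosts inside any sliding window."""
    by_user = defaultdict(list)
    for ts, user, _source, target in events:
        by_user[user].append((ts, target))

    flagged = {}
    for user, logons in by_user.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Advance the left edge until the span fits inside `window`.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {target for _, target in logons[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged.setdefault(user, set()).update(hosts)
    return {user: sorted(hosts) for user, hosts in flagged.items()}

if __name__ == "__main__":
    for user, hosts in suspicious_logons(parse_events(SAMPLE_EVENTS)).items():
        print(f"{user}: {len(hosts)} hosts in window -> {', '.join(hosts)}")
```

Widening the window to a full working day also flags the constructed user bob, whose three logons are hours apart, which is why the chosen time frame has to match how legitimate users actually move between hosts.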
