Hi folks,
Recently installed crowdstrike on our network, when i added our mail enable server to it, i keep getting alerts of foreign actors logging into the server via the IME_USER. I changed the password from the install utility yesterday, just got another alert.
Is there a legitimate reason why a remote IP could gain access to that user as a "successful login?"