I am investigating on a Geographically Improbable Access notable event. The user internal_monitoring is detected to have successfull logons in 2 different countries. How is this possible? Isn't internal_monitoring a daemon/background process and isn't something that a "human" can use to login?
Please advice. Thanks a lot!
Hi,
Facing something similar, what was your finding?