on 2022 May 24 9:48 PM
Doing some learning with Dynatrace on our V2105 solution running on sap in public cloud.
It has reported a hotspot of /AutoDiscover/autodiscover.xml
Not ideal as to what this is, but it would appear something is calling it. Not sure if there is a way to determine who or what is trying to access this url.
Anyone seen this and if so, can you expand on what is going on here.
Request clarification before answering.
Hello samuel.yang
These requests are due to
" autodiscover is a feature of exchange to help automatically set up accounts in Outlook."
" applications like Outlook querying an exchange server "
" its most likely when people are trying to add emails / contacts "
So this appears to be normal operation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey David,
Sorry, I'm not sure about this either, but it depends on the traffic pattern and volume. I guess you can check with your development or technical ops team to better understand the actual requests.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi David,
Looks like AutoDiscover is part of the CCv2 ModelT infrastructure, which should not be exposed to end users.
I could not find the AutoDiscover service in my DT instances, so could you please trace it down to see which other services/processes are calling this AutoDiscover service through the backtrace feature or the service flow feature?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Samuel
I am looking at Kibana and I see that I am getting GET and POST from IPS that are all over the US and CA. I have never seen this before and so not sure as to what these are.
Is this an attack of some sort
Here is an example
{"localServerName": "www.drivemedical.com", "remoteHost": "218.17.139.167", "identdUsername": "-", "remoteUser": "-", "time": "[25/May/2022:01:50:50 +0000]", "requestFirstLine": "POST /AutoDiscover/autodiscover.xml HTTP/1.1", "status": "500", "bytes": "141", "referer": "-", "userAgent": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.14326; Pro)", "cache status": "-"}
User | Count |
---|---|
20 | |
3 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.