cancel
Showing results for 
Search instead for 
Did you mean: 

Dynatrace identifies hotspot autodiscover.xml

djboyd4715
Participant
0 Kudos
318

Doing some learning with Dynatrace on our V2105 solution running on sap in public cloud.

It has reported a hotspot of /AutoDiscover/autodiscover.xml

Not ideal as to what this is, but it would appear something is calling it. Not sure if there is a way to determine who or what is trying to access this url.

Anyone seen this and if so, can you expand on what is going on here.

Accepted Solutions (0)

Answers (3)

Answers (3)

djboyd4715
Participant
0 Kudos

Hello samuel.yang

These requests are due to

" autodiscover is a feature of exchange to help automatically set up accounts in Outlook."

" applications like Outlook querying an exchange server "

" its most likely when people are trying to add emails / contacts "

So this appears to be normal operation.

samuelyang
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hey David,

Sorry, I'm not sure about this either, but it depends on the traffic pattern and volume. I guess you can check with your development or technical ops team to better understand the actual requests.

samuelyang
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi David,

Looks like AutoDiscover is part of the CCv2 ModelT infrastructure, which should not be exposed to end users.

I could not find the AutoDiscover service in my DT instances, so could you please trace it down to see which other services/processes are calling this AutoDiscover service through the backtrace feature or the service flow feature?

djboyd4715
Participant
0 Kudos

Hello Samuel

I am looking at Kibana and I see that I am getting GET and POST from IPS that are all over the US and CA. I have never seen this before and so not sure as to what these are.

Is this an attack of some sort

Here is an example

{"localServerName": "www.drivemedical.com", "remoteHost": "218.17.139.167", "identdUsername": "-", "remoteUser": "-", "time": "[25/May/2022:01:50:50 +0000]", "requestFirstLine": "POST /AutoDiscover/autodiscover.xml HTTP/1.1", "status": "500", "bytes": "141", "referer": "-", "userAgent": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.14326; Pro)", "cache status": "-"}