08-31-2020 02:08 AM - edited 08-31-2020 05:13 AM
The LDAP Distinguished Name, which is used to sync with the AD directory every day at night, is attempting to log in multiple times from multiple subs servers into AD ...
The capture is showing 27 attempts in an hour... thus QRadar is logging it as a brute force attempt.
I don't know why the sub would try attempting to log in to AD-LDAP...
LDAP: User Login Brute Force Attempt
LDAP: User Login Brute Force Attempt
LDAP: User Login Brute Force Attempt
LDAP: User Login Brute Force Attempt
LDAP: User Login Brute Force Attempt
.......
LDAP: User Login Brute Force Attempt