Today, my database server unexpectedly restarted. After checking it, I found that since the start of December, I have been getting this event, Network Threat Protection Event. Here's the event:
Object detected.
Object name: 64.76.157.3:51747 (different IP every time).
Object type: N/A.
Severity level: high.
Certainty level: complete signature match.
Detected object type: network attack.
Detected: Bruteforce.Generic.Rdp.d.
Task name: Network Threat Protection.
User name: N/A.
Computer name: DB01.
Process: 192.168.0.11:3389.
PID: 6.
This server is one of 5 servers that have the same public IP, each with a different port; all servers got the event. So, my question is:
Does the attacker have to know the public IP in order to make the attack? How can I know the source of the attack? Also, do I need to put in a firewall device, since I don't have one?