Data Source Warnings

Logon data: EMPTY

Today at a Glance (AI Summary)

Here is an executive summary of the activity report data:
No users were active during the reporting period, indicating no logged-in sessions.
Hani experienced 7 failed login attempts, which could indicate a potential security concern or a forgotten password.
Michael Guirguis had two failed M365 sign-ins from Mississauga, CA, which warrants further investigation into the cause.
The Administrator account ran processes from temporary directories (csc.exe, cvtres.exe), a potential indicator of malicious activity.
The Administrator account initiated outbound connections to an external IP address (34.149.66.137) via claude.exe, which should be reviewed for legitimacy.
DMs-iPhone was the top bandwidth consumer with 6 MB of traffic, and Dalia-Salib-PC consumed 2.6 MB.
No USB device events or file deletions were recorded.
No remote access sessions were detected.

Generated by Gemini Flash

User Activity (Domain Authentication)

No domain logons recorded for this period.

Remote Desktop Sessions (Guacamole / RDP)

No RDS sessions recorded for this period.

Failed Logon Attempts

User	Failures	Source
hani@mdmcontracting.ca	7	HANY-PC

Top Applications (Server)

No application data for this period.

DNS Top Sites

Client	Domain	Queries
Reception-2-PC	array612.prod.do.dsp.mp.microsoft.com	2
ATEF-PC	canadaeast1-0.pushnp.svc.ms	4
Local	self.events.data.microsoft.com	8
Local	graph.microsoft.com	11
MDM-Server	cqd.teams.cloud.microsoft	2
Hany-PC	default.exp-tas.com	2
MDM-Server	www.microsoft.com	2
MDM-Server	registry.npmjs.org	2
Reception-2-PC	client.wns.windows.com	19
MDM-Server	ecs.nel.measure.office.net	10
EHAB-PC	array603.prod.do.dsp.mp.microsoft.com	4
ATEF-PC	v10.events.data.microsoft.com	15
ATEF-PC	ecs.office.com	4
192.168.128.19	ca-prod.asyncgw.teams.microsoft.com	2
192.168.128.19	5p69hiii4m.execute-api.us-east-1.amazonaws.com	7
MDM-Server	1076-ms-7.9733-16762b84.1c44b9df-20ae-11f1-8f9d-2cea7f579a3a	1
Local	ca-prod.asyncgw.teams.microsoft.com	12
192.168.128.24	cfd-features.argotunnel.com	5
MDM-Server	img-s-msn-com.akamaized.net	2
Hany-PC	clients4.google.com	12

Workstation Activity (Agent)

MDM-SERVER (Administrator) — 1 snapshots, avg idle: 29s

Top Window Titles	Count
⠂ soul-production-guardrails	1

Top Processes	Seen
cmd	2
mmc	1
WebPlugin_NVR	1
msedge	1
ServerManager	1

Browser	Domain	Visits	Sample Page
Edge	go.microsoft.com	1	Dashboard - Microsoft Teams admin center
Edge	login.microsoft.com	6	Redirecting
Edge	servicetrust.microsoft.com	3	Service Trust Portal Home Page
Edge	n93.dashboard.meraki.com	12	Organization settings - Meraki Dashboard
Edge	login.microsoftonline.com	27	Sign in to your account
Edge	08f1b3661a1f.devices.meraki.direct:8092	4	08f1b3661a1f.devices.meraki.direct:8092/index.html#connec...
Edge	teams.cloud.microsoft	15	MDM Claw \| MDM Claw \| Microsoft Teams
Edge	account.meraki.com	4	Meraki Dashboard Login
Edge	admin.teams.microsoft.com	17	Microsoft Teams admin center - Microsoft Teams admin center
Edge	bing.com	4	cisco meraki dashboard - Search

Endpoint Deep Visibility (Sysmon)

Per-process command lines, network connections, and DNS from Sysmon on endpoints. 80 total events across 1 endpoint(s).

Administrator

Process	Destination	Port	Count
dns.exe	ATEF-PC	50141	1
dns.exe	192.168.128.24	33585	1
claude.exe	137.66.149.34.bc.googleusercontent.com	443	1
dns.exe	ATEF-PC	52973	1
dns.exe	ATEF-PC	64507	1
dns.exe	dns.google	53	1
dns.exe	192.168.2.72	63700	1
RustDesk.exe	100.72.136.17	21116	1
dns.exe	192.168.128.24	46580	1
System	EHAB-PC	137	1
dns.exe	192.168.128.8	50919	1
dns.exe	192.168.2.72	51699	1
dns.exe	192.168.2.72	53390	1
dns.exe	192.168.128.24	33660	1
dns.exe	192.168.2.72	52125	1

Process	Command Line	Parent	Count
bash.exe	"C:\Program Files\Git\bin\..\usr\bin\bash.exe" -c "python3 /c/Users/Administrator/.claude/plugins/cache/claude-plugin...	bash.exe	1
wsmprovhost.exe	C:\Windows\system32\wsmprovhost.exe -Embedding	svchost.exe	1
bash.exe	"C:\Program Files\Git\bin\bash.exe" -c "python3 /c/Users/Administrator/.claude/plugins/cache/claude-plugins-official/...	claude.exe	1
bash.exe	"C:\Program Files\Git\bin\..\usr\bin\bash.exe" -c "python3 /c/Users/Administrator/.claude/plugins/cache/claude-plugin...	bash.exe	1
cvtres.exe	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\Ap...	csc.exe	1
dllhost.exe	C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}	svchost.exe	1
bash.exe	"C:\Program Files\Git\bin\..\usr\bin\bash.exe" -c "python3 /c/Users/Administrator/.claude/plugins/cache/claude-plugin...	bash.exe	1
bash.exe	"C:\Program Files\Git\bin\bash.exe" -c "python3 /c/Users/Administrator/.claude/plugins/cache/claude-plugins-official/...	claude.exe	1
bash.exe	"C:\Program Files\Git\bin\bash.exe" -c "python3 /c/Users/Administrator/.claude/plugins/cache/claude-plugins-official/...	claude.exe	1
bash.exe	"C:\Program Files\Git\bin\bash.exe" -c "python3 /c/Users/Administrator/.claude/plugins/cache/claude-plugins-official/...	claude.exe	1

Process	Domain	Count
lsass.exe	_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.MDM.local	1
lsass.exe	_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.MDM.local	1
claude.exe	http-intake.logs.us5.datadoghq.com	1
lsass.exe	_ldap._tcp.b2acf55b-0c55-43f8-8ad3-cd9c960643e2.domains._msdcs.MDM.local	1
lsass.exe	_kerberos._tcp.Default-First-Site-Name._sites.MDM.local	1
lsass.exe	gc._msdcs.MDM.local	1
lsass.exe	_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.MDM.local	1
lsass.exe	ForestDnsZones.MDM.local	1
lsass.exe	_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.MDM.local	1
lsass.exe	_gc._tcp.Default-First-Site-Name._sites.MDM.local	1

Network Traffic (Meraki)

Client	IP	Sent (MB)	Received (MB)	Total (MB)
e49caeaf-cd07-4dee-b1c1-53b6febc88b3	192.168.2.226	0.1	0.6	0.8
2ca4ad96-36dc-4e02-a907-3ef735a7db7f	192.168.2.197	0.3	0	0.3
Dalia-Salib-PC	192.168.2.153	0.3	2.3	2.6
DMs-iPhone	192.168.2.183	0.1	5.9	6
BB8836102	192.168.2.73	0	0	0
Nervine-PC	192.168.2.72	0.1	0.4	0.5
f2:f6:44:fc:d6:43	192.168.2.128	0	0	0
18J180104009	192.168.2.187	0	0	0
46:0a:10:11:6a:78	192.168.2.111	0	0	0
f69b87fb-29a5-4800-becc-978641060148	192.168.2.127	0.1	0.7	0.8
14:2f:fd:0d:d3:0d	192.168.2.64	0	0	0
c0:74:ad:1b:b1:db	192.168.2.94	0	0	0
BB8836154	192.168.2.124	0	0	0
Watch	192.168.2.98	0	0	0
iPhone	192.168.2.217	0.2	0.2	0.5

Microsoft 365 Activity

Email & Teams data is from Mar 19 (yesterday — Microsoft reports have a ~24h processing delay). Sign-ins are real-time.

Sign-In Activity

User	App	Location	Status	Last Time
Michael Guirguis	App Studio for Microsoft Teams	Mississauga, CA	Failed (65002)	Mar 20 12:36 AM
Michael Guirguis	Microsoft Graph Command Line Tools	Mississauga, CA	Failed (50199)	Mar 20 12:24 AM
Michael Guirguis	Microsoft Teams Web Client	Mississauga, CA	Success	Mar 20 12:43 AM
Michael Guirguis	NetBird	Mississauga, CA	Success	Mar 20 12:14 AM
Michael Guirguis	App Studio for Microsoft Teams	Mississauga, CA	Success	Mar 20 12:36 AM
Michael Guirguis	Microsoft Teams Admin Portal Service	Mississauga, CA	Success (4x)	Mar 20 1:13 AM
Michael Guirguis	Azure Portal	Mississauga, CA	Success	Mar 20 12:36 AM
Michael Guirguis	Bot Framework Dev Portal	Mississauga, CA	Success	Mar 20 12:37 AM
Michael Guirguis	Office365 Shell WCSS-Client	Mississauga, CA	Success (6x)	Mar 20 12:53 AM
Hani Abdelmalek	One Outlook Web	Mississauga, CA	Success	Mar 20 2:29 AM
Michael Guirguis	Microsoft Graph Command Line Tools	Mississauga, CA	Success	Mar 20 12:27 AM

File Access (Shared Drives)

No file access events recorded. Data will appear once users access audited shares.

Daily Activity Report