Hey,
Since September 30, all the network sensors I manage report this kind of event, with no changes made in the network.
Anyone else?
Thanks
If it’s DC to DC then it’s an FP. Recommend raising it with support to look into this.
We are in the process of building out the detection for DCSync attacks. We have not yet released these as new Detections though, as we are working on tuning for FPs at present.
David
Thanks for the update David
Hi Dave.
Any update on this?
We released a new DCSync Attack Detection, "Attacker Technique - Possible DCSync Attack", that uses 4662, which has only been released for our Managed Detection and Response Customers. The RAPID7-TIDE Possible DCSync Attack is still under testing/analysis.
David