Hi,
I hope you've all patched your DCs with MS14-068 by now. Ongoing attacks
resonate in Windows event log and can be detected with Sentinel:

https://www.netiq.com/