Tons of unsuccessful logins for "test", "administrator", etc

SOLVED: Authentication attempts against the VPN/Firewall being forwarded to the DC.

So I've just setup a SIEM to gather all the Windows logs, and now I'm a bit troubled.

I have a bunch of failed logins from accounts like test, Guest, administrator, and from something weird like "@@CyBAA..." that's like 160 characters. The "administrator" ones are always trying to login to workstations on the network, the rest are trying the DC.

Should I be worried? Should I assume there is …

accounts authentication characters cybersecurity etc firewall logins logs siem test vpn weird windows windows logs