Hello Splunkers,
I'm hoping to get some help investigating a potential IOC.
Here is the situation: my Infosec app for Splunk (https://splunkbase.splunk.com/app/4240/) dashboard has flagged a system for a possible brute-force attempt. I have identified the system (a workstation), the account name being attempted ("host"), the logon target (Domain) and somewhat of a pattern for the attempts (2-3 attempts per 30-minute block, with a decreasing port number on each attempt, for as long as the system is on, regardless of whether or not a user is logged in).
What I can't find out is the process involved (I can't figure out what is trying to log in). I tried Google searching for malware that has this same behavior but didn't find anything. I have used "TcpLogView" in an attempt to log the process that is opening the port, but it seems that it opens and closes too quickly for TcpLogView to see it, as the ports listed in the events are not listed by TcpLogView. I have even installed the Splunk forwarder on this workstation to gain some visibility, but I don't know if I'm ingesting the right data.
So, how can I identify what is making the attempts?
Thank you in advance for any help or suggestions.
Here is a log entry showing the failed attempt, with ##comments and some *redaction. This event was generated by the DC.
09/10/2019 02:31:04 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4768
EventType=0
Type=Information
ComputerName=*DC-Name
TaskCategory=Kerberos Authentication Service
OpCode=Info
RecordNumber=3587264684
Keywords=Audit Failure
Message=A Kerberos authentication ticket (TGT) was requested.
Account Information:
Account Name: host
Supplied Realm Name: *Domain-name
User ID: NULL SID
Service Information:
Service Name: krbtgt/*Domain-name
Service ID: NULL SID
Network Information:
Client Address: 192.168.10.170 ##workstation's IP
Client Port: 53169
Additional Information:
Ticket Options: 0x40800010
Result Code: 0x6 ##Client not found in Kerberos database
Ticket Encryption Type: 0xFFFFFFFF
Pre-Authentication Type: -
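One way to tie the Client Port from the DC's 4768 event back to a process on the workstation, as an added example that is not part of the original post: Windows Filtering Platform connection auditing (Security event 5156) records the process ID, image path, source port and destination port of every permitted connection, so it catches short-lived sockets that a polling tool like TcpLogView misses. The port value 53169 is taken from the posted event; the DC address is not on the page and is not needed for the match.

```powershell
# Added example (not from the original post): correlate a DC 4768 event with the
# workstation process that opened the client port, using Windows Filtering Platform
# connection auditing (Security event 5156: PID, image path, ports, protocol).

# Step 1 (run once, elevated, on the workstation): enable WFP connection auditing.
# This is noisy; collect only for the window you need and disable it afterwards.
auditpol /set /subcategory:"Filter Platform Connection" /success:enable

# Step 2: after the next failed TGT request appears on the DC, take its Client Port
# (53169 in the posted 4768 event) and search the local 5156 events for a connection
# from that source port to the Kerberos service port (88).
$clientPort = 53169   # from the DC's 4768 event; update per event of interest

$hits = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156 } -MaxEvents 50000 |
    ForEach-Object {
        # 5156 fields live in EventData; flatten them into a hash table by Name.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ProcessId   = [int]$d.ProcessID
            Application = $d.Application   # device path of the image, e.g. ...\lsass.exe
            SourcePort  = [int]$d.SourcePort
            DestAddress = $d.DestAddress
            DestPort    = [int]$d.DestPort
            Protocol    = [int]$d.Protocol  # 6 = TCP, 17 = UDP
        }
    } |
    Where-Object { $_.DestPort -eq 88 -and $_.SourcePort -eq $clientPort }

$hits | Format-Table Time, ProcessId, Application, Protocol, DestAddress -AutoSize
```

If Application resolves to lsass.exe, that is expected: the Kerberos client runs inside LSA and sends the TGT request on behalf of whatever supplied the "host" credential, so the workstation's own 4648 (explicit credential logon) and 4625 events, which carry the calling Process Name, are the next place to look for the real requester.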