Multiple Authentication Failures

Description

Triggered when a user fails authentication multiple times. The anomaly fires only when the user's number of authentication failures exceeds the enterprise average.

Use Case

Advanced Threat Detection, Insider Threat, Security Monitoring, Compliance

Category

Account Compromise, IAM Analytics, Insider Threat, Lateral Movement, Zero Trust

Alert Volume

High

Journey

Stage 4

MITRE ATT&CK Tactics

Credential Access

MITRE ATT&CK Techniques

Brute Force

MITRE Threat Groups

APT39
DarkVishnya
FIN5
OilRig
Turla

Data Sources

Windows Security
Authentication