Suspicious Account Lockout

Description

Triggered when an account lockout occurs without any corresponding cause (e.g., a password change or password reset).

Use Case

Advanced Threat Detection, Insider Threat, Security Monitoring, Compliance

Category

Lateral Movement, Insider Threat, Account Compromise, IAM Analytics

Alert Volume

Medium

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Credential Access

MITRE ATT&CK Techniques

Brute Force

MITRE Threat Groups

APT39
DarkVishnya
FIN5
OilRig
Turla

Data Sources

Windows Security