Multiple Login Errors

Description

Triggered when the number of failed logins by a user is higher than the enterprise average. This anomaly could point to a number of things, including a brute force attack, password spraying, or just general suspicious behavior.


Use Case

Security Monitoring

Category

Account Compromise, IAM Analytics, Zero Trust

Alert Volume

High

Journey

Stage 6

MITRE ATT&CK Tactics

Initial Access
Privilege Escalation
Persistence
Credential Access

MITRE ATT&CK Techniques

Valid Accounts
Brute Force

MITRE Threat Groups

APT18
APT28
APT33
APT39
APT41
Carbanak
Chimera
DarkVishnya
Dragonfly 2.0
FIN10
FIN4
FIN5
FIN6
FIN8
Leviathan
Night Dragon
OilRig
PittyTiger
Sandworm Team
Silence
Soft Cell
Suckfly
TEMP.Veles
Threat Group-3390
Turla
UNC2452
Wizard Spider
menuPass

Data Sources

Windows Security
Authentication