Detect Excessive User Account Lockouts

Description

This search detects user accounts that have been locked out a relatively high number of times in a short period.

   Help

Detect Excessive User Account Lockouts Help

ou must ingest your Windows security event logs in the Change datamodel under the nodename is Account_Management, for this search to execute successfully. Please consider updating the cron schedule and the count of lockouts you want to monitor, according to your environment.

   Search

Open in Search