High Number Of Login Failures From A Single Source

Description

This search detects more than 5 login failures in Office365 Azure Active Directory from a single source IP address. Adjust the threshold value of 5 to suit your environment.

Use Case

Security Monitoring

Category

Adversary Tactics

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Credential Access

MITRE ATT&CK Techniques

Brute Force

Password Guessing

MITRE Threat Groups

APT28
