Access by the same user to a system from multiple sources
This alert is triggered when a Windows user accesses the same machine from multiple locations within a predefined time frame.
MITRE ATT&CK Tactics
Windows Security Event Log
1. Identify the user account whose credentials have been compromised.
2. Reset the password for the compromised Windows account.
3. Identify lateral movement of the compromised user account throughout the enterprise by performing additional queries in the Sentinel platform.
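
The alert condition described at the top of this page, shown as an added Python example over constructed logon events; it is not the rule's own Sentinel query. Assumptions: successful logons are taken from Windows Security event ID 4624, the time frame is 30 minutes, "multiple" means two or more distinct source addresses, and the tuple layout of the sample events is hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)        # assumed value for the "predefined time frame"
MIN_SOURCES = 2                       # assumed threshold for "multiple"
LOGON_SUCCESS = 4624                  # Windows Security event ID for a successful logon
NO_SOURCE = {"", "-", "127.0.0.1", "::1"}  # missing or local source address

# Constructed events: (time, event id, user, host, source address).
# The layout is hypothetical, not a Sentinel table schema.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", 4624, "CORP\\alice", "SRV-FILE01", "10.0.1.15"),
    ("2024-05-01T09:05:00", 4624, "CORP\\alice", "SRV-FILE01", "10.0.1.15"),
    ("2024-05-01T09:10:00", 4624, "CORP\\bob", "SRV-FILE01", "10.0.1.22"),
    ("2024-05-01T09:20:00", 4624, "corp\\Alice", "srv-file01", "203.0.113.40"),
    ("2024-05-01T09:21:00", 4624, "CORP\\alice", "SRV-FILE01", "-"),
    ("2024-05-01T09:22:00", 4625, "CORP\\alice", "SRV-FILE01", "198.51.100.9"),
    ("2024-05-01T10:30:00", 4624, "CORP\\bob", "SRV-FILE01", "10.0.2.7"),
]

def detect_multi_source(events, window=WINDOW, min_sources=MIN_SOURCES):
    """Alert whenever a new source joins a (user, host) pair that already
    has logons from other sources inside the sliding window."""
    recent = defaultdict(deque)   # (user, host) -> (time, source) pairs still in window
    alerts = []
    for ts, event_id, user, host, src in sorted(events):
        if event_id != LOGON_SUCCESS or src in NO_SOURCE:
            continue              # only successful logons with a usable source count
        now = datetime.fromisoformat(ts)
        key = (user.lower(), host.lower())   # Windows names are case-insensitive
        seen = recent[key]
        while seen and now - seen[0][0] > window:
            seen.popleft()                   # expire logons older than the window
        is_new = all(src != s for _, s in seen)
        seen.append((now, src))
        sources = sorted({s for _, s in seen})
        if is_new and len(sources) >= min_sources:
            alerts.append({"user": key[0], "host": key[1], "sources": sources,
                           "first_seen": seen[0][0], "last_seen": now})
    return alerts

if __name__ == "__main__":
    for alert in detect_multi_source(SAMPLE_EVENTS):
        print(alert)
```

A sliding window is used instead of fixed time buckets so that two logons a few minutes apart are still correlated when they fall on either side of a bucket boundary.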