MS-A033

Managed Sentinel – Alert 033

Alert ID: MS-A033
Alert Name: Excessive number of Windows Account login failures
Description: This alert triggers when a Windows user account has over 50 Windows logon failures today and that number is at least 25% of the count of logon failures in the previous 7 days. This can be an indicator of a brute force attack against selected Windows accounts.
Severity Level: Low
Threat Indicator: Compromised Account
MITRE ATT&CK Tactics: Credential Access
Log Source: Windows
False Positives: Scheduled penetration test running on customer network assets
Recommendations:
1. Identify the computer(s) from which the attack was initiated.
2. Reset password(s) on affected user accounts.
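
The threshold logic in the description, as an added example that is not the vendor's rule: it flags accounts and lists the source computers behind today's failures, which is the starting point for recommendation 1. Assumptions: the input is already filtered to failed logons (for example Security event ID 4625), "at least 25%" is read as today's count being at least 25% of the previous 7 days' total, and all function names, accounts and hosts are hypothetical.

```python
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta

def excessive_logon_failures(events, today, min_today=50, ratio=0.25, window_days=7):
    """Flag accounts per the alert description (hypothetical helper, not the vendor's rule).

    events: (timestamp, account, source_computer) tuples for failed logons only.
    """
    window_start = today - timedelta(days=window_days)
    today_count, prev_count = Counter(), Counter()
    sources = defaultdict(Counter)
    for ts, account, source in events:
        key, day = account.lower(), ts.date()
        if day == today:
            today_count[key] += 1
            sources[key][source] += 1
        elif window_start <= day < today:
            prev_count[key] += 1
    flagged = {}
    for account, n in today_count.items():
        # "over 50" is strict; assumed reading: today >= 25% of the prior 7 days
        if n > min_today and n >= ratio * prev_count[account]:
            flagged[account] = {
                "today": n,
                "previous": prev_count[account],
                # busiest source first, to start recommendation 1
                "sources": [s for s, _ in sources[account].most_common()],
            }
    return flagged

def constructed_events(today):
    """Constructed sample data (accounts and hosts are made up)."""
    t0 = datetime.combine(today, datetime.min.time())
    def burst(n, account, host):      # n failures today, one per minute
        return [(t0 + timedelta(minutes=i), account, host) for i in range(n)]
    def history(n, account, host):    # n failures spread over the previous 7 days
        return [(t0 - timedelta(days=1 + i % 7), account, host) for i in range(n)]
    return (
        burst(45, "CORP\\alice", "WS-017") + burst(15, "CORP\\alice", "WS-022")
        + history(100, "CORP\\alice", "WS-017")       # 60 today vs 100 -> flagged
        + burst(60, "CORP\\svc_backup", "SRV-03")
        + history(400, "CORP\\svc_backup", "SRV-03")  # 60 < 25% of 400 -> not flagged
        + burst(50, "CORP\\bob", "WS-101")            # exactly 50 is not "over 50"
    )

if __name__ == "__main__":
    today = date(2024, 1, 15)
    for account, info in excessive_logon_failures(constructed_events(today), today).items():
        print(account, info)
```

An account with no failures in the previous 7 days is flagged as soon as it exceeds 50 today, since 25% of zero is zero.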
