Managed Sentinel – Alert 033
| Alert Name | Excessive number of Windows Account login failures |
|---|---|
| Description | This alert triggers when a Windows user account has over 50 Windows logon failures today and at least 25% of the count of logon failures in the previous 7 days. This can be an indicator of a brute force attack against selected Windows accounts. |
| Threat Indicator | Compromised Account |
| MITRE ATT&CK Tactics | Credential Access |
| False Positives | Scheduled penetration test running on customer network assets |
| Recommendations | 1. Identify the computer(s) from which the attack was initiated. 2. Reset password(s) on affected user accounts. |
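
The threshold logic in the description can be checked offline against exported failed-logon events. The following is an added example, not Managed Sentinel's rule: it applies both conditions per account and lists the source hosts needed for recommendation 1. Assumptions: the 25% clause is read as "today's count is at least 25% of the previous 7 days' count", events arrive as `(timestamp, account, source_host)` tuples, and all account names, host names and dates are constructed sample data.

```python
from collections import Counter
from datetime import date, datetime, time, timedelta

DAILY_THRESHOLD = 50   # page: "over 50" logon failures today
BASELINE_RATIO = 0.25  # page: "at least 25%" of the previous 7 days' count
BASELINE_DAYS = 7

def excessive_failures(events, today):
    """events: iterable of (timestamp, account, source_host) failed logons."""
    window_start = today - timedelta(days=BASELINE_DAYS)
    today_count, prior_count, sources = Counter(), Counter(), {}
    for ts, account, host in events:
        key = account.lower()  # Windows account names are case-insensitive
        day = ts.date()
        if day == today:
            today_count[key] += 1
            sources.setdefault(key, Counter())[host] += 1
        elif window_start <= day < today:
            prior_count[key] += 1
    alerts = []
    for key, n in sorted(today_count.items()):
        # Counter returns 0 for accounts with no history, so a new burst
        # above the daily threshold still alerts.
        if n > DAILY_THRESHOLD and n >= BASELINE_RATIO * prior_count[key]:
            alerts.append({"account": key, "today": n,
                           "prior_7d": prior_count[key],
                           "top_sources": sources[key].most_common(3)})
    return alerts

def burst(account, host, day, n):
    """Constructed sample data: n failures, one per second, on a given day."""
    start = datetime.combine(day, time())
    return [(start + timedelta(seconds=i), account, host) for i in range(n)]

TODAY = date(2024, 3, 8)  # constructed date
SAMPLE_EVENTS = (
    burst("jdoe", "WS-014", TODAY, 70) + burst("JDOE", "WS-022", TODAY, 10)
    + burst("jdoe", "WS-014", TODAY - timedelta(days=3), 10)
    # chronically failing service account: 60 today vs 280 in the baseline
    + burst("svc-backup", "SRV-02", TODAY, 60)
    + [e for d in range(1, 8)
       for e in burst("svc-backup", "SRV-02", TODAY - timedelta(days=d), 40)]
    + burst("asmith", "WS-031", TODAY, 50)  # exactly 50 is not "over 50"
)

if __name__ == "__main__":
    for alert in excessive_failures(SAMPLE_EVENTS, TODAY):
        print(alert)
```

The baseline condition is what keeps the chronically failing service account from alerting every day, while the account with little history and a sudden burst does alert.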