Managed Sentinel – Alert 033

Alert ID: MS-A033
Alert Name: Excessive number of Windows Account lockouts
Description: This alert is based on an outlier query and triggers when one or many Windows accounts are locked out.
Severity Level: Medium
Threat Indicator: Elevation of Privilege
MITRE ATT&CK Tactics: Persistence, Credential Access, Discovery, Collection
Log sources: Windows Security Event Logs
Recommendations: This can be an indicator of a brute force attack against selected Windows accounts. Identify the computer(s) from which the attack was initiated. Reset the password(s) on affected user accounts.
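
An added example (not Managed Sentinel's own query) of an outlier check like the one described above, followed by the recommended step of identifying the source computers. It assumes lockouts arrive as Windows Security Event ID 4740 records already reduced to (timestamp, account, caller computer) tuples; the sample events, host names and the median/MAD threshold are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median


def sample_events():
    """Constructed sample data (not real logs): (timestamp, account, caller computer)."""
    rows = []
    # Quiet baseline: one lockout per hour for eight hours.
    for h in range(8):
        rows.append((f"2024-01-10T{h:02d}:15:00", "alice", "WS-014"))
    # Burst in hour 08: twelve lockouts across three accounts, mostly from one host.
    for i in range(12):
        account = ("alice", "bob", "svc-backup")[i % 3]
        host = "WS-077" if i < 10 else "WS-014"
        rows.append((f"2024-01-10T08:{i * 4:02d}:00", account, host))
    return rows


def find_lockout_outliers(events, k=3.0):
    """Flag hours whose lockout count exceeds median + k * MAD (assumed method)."""
    per_hour = defaultdict(list)
    for ts, account, host in events:
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        per_hour[hour].append((account, host))

    # Hours with no lockouts never appear here, so the baseline is biased upward
    # and the check errs toward fewer alerts on sparse data.
    counts = [len(rows) for rows in per_hour.values()]
    med = median(counts)
    mad = median(abs(c - med) for c in counts)
    threshold = med + k * max(mad, 1.0)  # floor MAD so a flat baseline still works

    findings = []
    for hour, rows in sorted(per_hour.items()):
        if len(rows) > threshold:
            findings.append({
                "hour": hour.isoformat(),
                "lockouts": len(rows),
                # Accounts that need a password reset.
                "accounts": sorted({a for a, _ in rows}),
                # Caller computers ranked by lockouts they caused.
                "sources": Counter(h for _, h in rows).most_common(),
            })
    return findings


if __name__ == "__main__":
    for finding in find_lockout_outliers(sample_events()):
        print(finding)
```

The top entry in "sources" is the first computer to investigate; a lockout burst spread evenly over many hosts points instead to a stale credential or a distributed source.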