Managed Sentinel – Alert 033

Alert ID: MS-A033
Alert Name: Excessive number of Windows Account login failures
Description: This alert triggers when a Windows user account has over 50 Windows logon failures today and that count is at least 25% of the count of logon failures in the previous 7 days. This can be an indicator of a brute force attack against selected Windows accounts.
Severity Level: Low
Threat Indicator: Compromised Account
MITRE ATT&CK Tactics: Credential Access
Log Source: Windows
False Positives: Scheduled penetration test running on customer network assets
Recommendations:
1. Identify the computer(s) from which the attack was initiated.
2. Reset password(s) on affected user accounts.
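
The threshold logic in the description, as an added example that is not Managed Sentinel's own rule code. It assumes failed logons are Windows Security event ID 4625, reads the 25% condition as today's count compared with the total for the previous 7 days, and uses constructed account names and events.

```python
from collections import Counter
from datetime import date, timedelta

FAILED_LOGON_EVENT_ID = 4625  # Windows Security log: "An account failed to log on"
MIN_FAILURES_TODAY = 50       # alert needs more than this many failures today
BASELINE_RATIO = 0.25         # today's count must reach 25% of the prior 7-day count
BASELINE_DAYS = 7

def accounts_to_alert(events, today):
    """Return {account: (failures_today, failures_prior_7_days)} for accounts
    meeting both conditions. events: iterable of (date, event_id, account)."""
    window_start = today - timedelta(days=BASELINE_DAYS)
    today_counts, baseline_counts = Counter(), Counter()
    for event_date, event_id, account in events:
        if event_id != FAILED_LOGON_EVENT_ID:
            continue
        key = account.lower()  # Windows account names are case-insensitive
        if event_date == today:
            today_counts[key] += 1
        elif window_start <= event_date < today:
            baseline_counts[key] += 1
    hits = {}
    for account, n_today in today_counts.items():
        n_prior = baseline_counts[account]  # 0 when the account has no history
        if n_today > MIN_FAILURES_TODAY and n_today >= BASELINE_RATIO * n_prior:
            hits[account] = (n_today, n_prior)
    return hits

def build_sample_events(today):
    """Constructed sample events (not real logs): (date, event_id, account)."""
    prior_days = [today - timedelta(days=d) for d in range(1, BASELINE_DAYS + 1)]
    events = []
    def add(account, n_today, n_per_prior_day, event_id=FAILED_LOGON_EVENT_ID):
        events.extend((today, event_id, account) for _ in range(n_today))
        for day in prior_days:
            events.extend((day, event_id, account) for _ in range(n_per_prior_day))
    add("CORP\\alice", 60, 10)       # 60 > 50 and 60 >= 25% of 70: alert
    add("CORP\\svc_backup", 55, 40)  # 55 > 50 but 55 < 25% of 280: usual noise
    add("CORP\\bob", 40, 0)          # under the 50-failure floor: no alert
    add("CORP\\carol", 51, 0)        # no history, baseline 0: alert
    add("CORP\\alice", 200, 0, event_id=4624)  # successful logons are ignored
    # A failure 8 days ago falls outside the 7-day baseline window.
    events.append((today - timedelta(days=8), FAILED_LOGON_EVENT_ID, "CORP\\bob"))
    return events

if __name__ == "__main__":
    day = date(2024, 1, 15)  # constructed reference date
    for account, (n_today, n_prior) in accounts_to_alert(build_sample_events(day), day).items():
        print(f"{account}: {n_today} failures today, {n_prior} in the previous 7 days")
```

The baseline comparison is what keeps a consistently noisy account such as the constructed `svc_backup` from alerting every day, while an account with no failure history alerts as soon as it passes the 50-failure floor.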