Excessive number of Windows Account login failures
This alert triggers when a Windows user account has over 50 Windows logon failures today and at least 25% of the count of logon failures previous 7 days. This can be an indicator of a brute force attack against selected Windows accounts.
MITRE ATT&CK Tactics
Scheduled penetration test running on customer network assets
1. Identify the computer(s) from where the attack was initiated.
2. Reset password(s) on affected user accounts.