Managed Sentinel – Alert 062

Alert ID: MS-A062
Alert Name: Multiple failed login attempts within a predefined period of time
Description: This alert notifies on more than x login failure attempts within y minutes on any Windows machine.
Severity Level: Low
Threat Indicator: Unauthorized Access
MITRE ATT&CK Tactics: Privilege Escalation, Credential Access
Log sources: Windows Security Event Logs
False Positives: Allowed vulnerability scan or pen test
Recommendations: This could be an indicator of a brute force attack. Perform an investigation in Sentinel and discover the originator computer(s) from the network. Complete a full scan of the identified machine.
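
The threshold logic in the Description, as an added example that is not part of the original alert definition or Managed Sentinel's own rule. It assumes failures are Windows Security Event ID 4625 and uses x=5 and y=10 as sample values (the page leaves x and y unspecified); host names and events are constructed. It also shows why a sliding window is used: fixed y-minute buckets miss a burst that straddles a bucket boundary.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, computer, event_id).
# Event ID 4625 is the Windows Security log entry for a failed logon.
SAMPLE_EVENTS = [
    ("2024-01-01T10:08:30", "WS-01", 4625),
    ("2024-01-01T10:09:10", "WS-01", 4625),
    ("2024-01-01T10:09:50", "WS-01", 4625),
    ("2024-01-01T10:10:20", "WS-01", 4625),
    ("2024-01-01T10:11:00", "WS-01", 4625),
    ("2024-01-01T10:11:40", "WS-01", 4625),
    ("2024-01-01T10:00:00", "WS-02", 4625),
    ("2024-01-01T10:20:00", "WS-02", 4625),
    ("2024-01-01T10:40:00", "WS-02", 4625),
    ("2024-01-01T10:09:00", "WS-01", 4624),  # successful logon, ignored
]

def failed_login_alerts(events, x=5, y_minutes=10):
    """Return {computer: first time failures exceeded x within y minutes}."""
    window = timedelta(minutes=y_minutes)
    recent = defaultdict(deque)  # computer -> failure times inside the window
    alerts = {}
    parsed = sorted((datetime.fromisoformat(ts), host, eid) for ts, host, eid in events)
    for ts, host, eid in parsed:
        if eid != 4625:
            continue
        q = recent[host]
        q.append(ts)
        # Drop failures older than the sliding window ending at this event.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > x and host not in alerts:
            alerts[host] = ts
    return alerts

def fixed_bin_alerts(events, x=5, y_minutes=10):
    """Same threshold using fixed y-minute buckets, for comparison."""
    counts = defaultdict(int)
    for ts, host, eid in events:
        if eid == 4625:
            t = datetime.fromisoformat(ts)
            bucket = t.replace(minute=t.minute - t.minute % y_minutes, second=0)
            counts[(host, bucket)] += 1
    return sorted({host for (host, _), n in counts.items() if n > x})
```

On the sample data the sliding window flags WS-01 at its sixth failure, while the fixed buckets split the same burst three and three and flag nothing.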