Managed Sentinel – Alert 101

Alert ID: MS-A101
Alert Name: Suspicious high privilege account login failure on Windows systems
Description: This alert fires when x login failure attempts occur within a predefined time window and the targeted account matches a customer-provided list of high-privilege accounts.
Severity Level: Low
Threat Indicator: Root Access
MITRE ATT&CK Tactics: Initial Access, Privilege Escalation, Credential Access
Log Sources: Windows Security Event Logs
False Positive: Unknown
Recommendations: Disable the user account. Use Azure Sentinel to query and report all access from the affected user account to other internal resources (lateral movement).
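The following KQL is an added example of how the detection described above can be expressed as an Azure Sentinel analytics rule query; it is not the published logic of Alert MS-A101. It assumes Windows Security events are ingested into the SecurityEvent table, that the customer's account list is kept in a Sentinel watchlist named PrivilegedAccounts with the account name as its SearchKey, and it uses placeholder values for the "x" failure threshold and the time window, both of which are tuned per customer.

```kql
// Added example, not the vendor's rule: repeated failed logons (Windows Event ID 4625)
// against accounts on a customer-maintained watchlist of high-privilege accounts.
// Assumptions: SecurityEvent table, watchlist 'PrivilegedAccounts' keyed by account name,
// threshold and window below are placeholders.
let threshold = 5;      // the "x" in the alert description (assumed value)
let window = 15m;       // predefined timeline (assumed value)
let privileged = _GetWatchlist('PrivilegedAccounts')
    | project Account = tolower(SearchKey);
SecurityEvent
| where TimeGenerated > ago(1h)
| where EventID == 4625                         // "An account failed to log on"
| extend Account = tolower(TargetUserName)
| join kind=inner (privileged) on Account       // keep only listed privileged accounts
| summarize FailedCount = count(),
            Hosts = make_set(Computer),
            SourceIPs = make_set(IpAddress),
            LogonTypes = make_set(LogonType),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
  by Account, WindowStart = bin(TimeGenerated, window)
| where FailedCount >= threshold
| project WindowStart, Account, FailedCount, Hosts, SourceIPs, LogonTypes, FirstSeen, LastSeen
```

The join against the watchlist is what keeps the rule scoped to the customer's own list rather than every account in the tenant; the LogonTypes and SourceIPs columns are included so an analyst triaging a hit can immediately tell a mistyped interactive password (a single host, one source) from a pattern worth the "disable account" recommendation above.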