Managed Sentinel – Alert 128

Alert ID: MS-A128
Alert Name: NAS Login Failures
Description: This alert identifies failed login attempts to Network Attached Storage (NAS).
Severity Level: Medium
Threat Indicator: Unauthorized Access
MITRE ATT&CK Tactics: Credential Access
Log Sources: Network Attached Storage
False Positive: Service Accounts
Recommendations:
1. Change the password of the user account used during this event.
2. Ensure the NAS storage software is patched to the latest available patch or firmware.
3. Apply the NAS vendor's recommended hardening guidelines to ensure that the system is secure.
4. Use Azure Sentinel to investigate any suspicious access from the affected user account to other internal resources (lateral movement).
5. Investigate the source host from which the login attempt was made.
6. Perform an Azure Sentinel investigation for this entity (the IP address related to the attacker).