Managed Sentinel – Alert 128
|Alert Name||NAS Login Failures|
|Description||This alert indentifies failed login attempts into Network Attached Storage.|
|Threat Indicator||Unauthorized Access|
|MITRE ATT&CK Tactics||Credential Access |
|Log sources||Network Attached Storage|
|False Positive||Service Accounts|
|Recommendations||1. Change user account password used during this event|
2. Ensure NAS storage software is patched to the latest available patch or firmware
3. Apply the NAS vendor recommended hardening guidelines to ensure that the system is secure
4. Use Azure Sentinel to investigate any suspicious access from affected user account to other internal resources (lateral movement).
5. Investigate source host from where the login attempt was tried.
6. Perform an Azure Sentinel investigation for this entity (IP address related to the attacker)