This alert indentifies failed login attempts into Network Attached Storage.
MITRE ATT&CK Tactics
Network Attached Storage
1. Change user account password used during this event
2. Ensure NAS storage software is patched to the latest available patch or firmware
3. Apply the NAS vendor recommended hardening guidelines to ensure that the system is secure
4. Use Azure Sentinel to investigate any suspicious access from affected user account to other internal resources (lateral movement).
5. Investigate source host from where the login attempt was tried.
6. Perform an Azure Sentinel investigation for this entity (IP address related to the attacker)