Managed Sentinel – Alert 177

Alert ID: MS-A177
Alert Name: Excessive RDP Authentication Failures
Description: This alert triggers when the same user generates 5 or more RDP login failures, which can be indicative of lateral movement activity.
Severity Level: Low
Threat Indicator:
MITRE ATT&CK Tactics: LateralMovement
Log sources: SecurityEvent
False Positives:
Recommendations: