Managed Sentinel – Alert 192

Alert ID: MS-A192
Alert Name: Distributed Password cracking attempts in Azure AD
Description: This alert identifies distributed password cracking attempts from the Azure Active Directory SigninLogs. The query looks for an unusually high number of failed password attempts coming from multiple locations for a user account.
Severity Level: Medium
Threat Indicator:
MITRE ATT&CK Tactics: Credential Access
Log sources: SigninLogs
False Positives:
Recommendations: