Managed Sentinel – Alert 195

Alert IDMS-A195
Alert NameMultiple Password Reset by user
DescriptionThis alert will determine multiple password resets by user across multiple data sources. Account manipulation including password reset may aid adversaries in maintaining access to credentials and certain permission levels within an environment.
Severity LevelLow
Threat Indicator
MITRE ATT&CK TacticsPersistence
CredentialAccess
Log sourcesAudit Logs, Signin Logs, OfficeActivity
False Positives
Recommendations