Suspected Brute force attack Investigation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Summarize all the failures and success events for all users in the last 24 hours, only identify users with more than 100 failures in the set period

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	056ceb9b-8f07-42b3-853e-ef3779de222e
Tactics	CredentialAccess
Techniques	T1110
Required Connectors	AzureActiveDirectory, AzureActiveDirectory
Source	View on GitHub

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries