This query detects multiple failed logon attempts from the same IP within a short span of time. It relies on the SQLEvent KQL Parser function.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft Windows SQL Server Database Audit |
| ID | 72727649-6445-46a3-b249-997a009fad89 |
| Tactics | CredentialAccess |
| Techniques | T1110 |
| Required Connectors | AzureMonitor(WindowsEventLogs) |
| Source | View on GitHub |