This hunting query will identify instances where a single user account has seen a high incidence of failed attempts from highly volatile IP addresses. Changing the IP address for every password attempt is becoming a more common technique amongst sophisticated threat groups. Often threat groups will randomise the user agent they are using as well as the IP address. This technique has been enabled by the emergence of services providing huge numbers of residential IP addresses. These services are ofte
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 3d217bb4-9cc2-4aba-838a-48e606e910e6 |
| Tactics | InitialAccess, CredentialAccess |
| Techniques | T1078, T1078.004, T1110, T1110.004, T1110.003 |
| Required Connectors | AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SigninLogs | ✓ | ✗ | ? |
The following connectors provide data for this content item:
| Connector | Solution |
|---|---|
| AzureActiveDirectory | Microsoft Entra ID |
Solutions: Microsoft Entra ID