Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query creates a list of IP addresses with the number of failed login attempts to Entra ID above a set threshold ( default of 5 ). It then looks for any successful Palo Alto VPN logins from any of these IPs within the same timeframe.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | ba144bf8-75b8-406f-9420-ed74397f9479 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | InitialAccess, CredentialAccess |
| Techniques | T1078, T1110 |
| Required Connectors | AzureActiveDirectory, AzureActiveDirectory, PaloAltoNetworks |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊