Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Query over SigninLogs summarizes login attempts per hour on weekdays. Kusto anomaly detection finds login spikes. Calculates percentage change between anomalous period and average logins. Determines success and failure rate for logins for 1 hour period.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Standalone Content |
| ID | 528c1708-a67e-4e2f-b76d-d5e5e88a22aa |
| Tactics | InitialAccess |
| Techniques | T1078 |
| Required Connectors | AzureActiveDirectory |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/SigninLogs/LoginSpikeWithIncreaseFailureRate.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊