Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query will determine multiple password resets by user across multiple data sources. Account manipulation including password reset may aid adversaries in maintaining access to credentials and certain permission levels within an environment.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 0b9ae89d-8cad-461c-808f-0494f70ad5c4 |
| Severity | Low |
| Kind | Scheduled |
| Tactics | InitialAccess, CredentialAccess |
| Techniques | T1078, T1110 |
| Required Connectors | AzureActiveDirectory, SecurityEvents, Syslog, Office365, WindowsSecurityEvents, WindowsForwardedEvents |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊