Permutations on logon attempts by UserPrincipalNames indicating potential brute force

This hunting query identifies failed logon attempts that use permutations of known first and last names within 10-minute time windows. Iterating through separators or changing the order of the name parts in the logon name may indicate brute-force logon attempts.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Standalone Content |
| ID | 472e83d6-ccec-47b8-b1cd-75500f936981 |
| Tactics | CredentialAccess |
| Techniques | T1110 |
| Required Connectors | AzureActiveDirectory, Office365 |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/MultipleDataSources/PermutationsOnLogonNames.yaml) |
