Managed Sentinel – Alert 124
| Alert ID | MS-A124 |
| Alert Name | Multiple Login failures for multiple accounts within a predefined time interval on Windows servers |
| Description | This alert is triggered for x login failures in y minutes from different accounts on a Windows server. Customer to provide a list of servers subject to this alert. |
| Severity Level | Medium |
| Threat Indicator | Unauthorized Access |
| MITRE ATT&CK Tactics | Initial Access, Privilege Escalation, Credential Access, Discovery |
| Log sources | Windows Security Event Logs |
| False Positives | Organization-wide password policy GPO push (planned change) |
| Recommendations | In Sentinel, investigate the originator of these requests to determine whether any lateral movement from this source completed successfully. Apply a global password policy change. |
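
The alert condition above, sketched as an added example (not Managed Sentinel's rule code): a sliding y-minute window over failed-logon events (Windows Security event ID 4625) per monitored server. The event field names, the sample events, and the reading of "different accounts" as at least two distinct accounts are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625  # Windows Security event ID for a failed logon

def detect(events, servers, x, y_minutes, min_accounts=2):
    """Alert once per monitored server when >= x failed logons from
    >= min_accounts distinct accounts fall inside a sliding y-minute window."""
    window = timedelta(minutes=y_minutes)
    monitored = {s.lower() for s in servers}   # customer-supplied server list
    recent, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        host = ev["computer"].lower()
        if ev["event_id"] != FAILED_LOGON or host not in monitored or host in alerts:
            continue
        q = recent.setdefault(host, deque())
        q.append((ev["time"], ev["account"].lower(), ev["source"]))
        while ev["time"] - q[0][0] > window:   # drop failures older than y minutes
            q.popleft()
        accounts = {a for _, a, _ in q}
        if len(q) >= x and len(accounts) >= min_accounts:
            alerts[host] = {"server": host, "start": q[0][0], "end": ev["time"],
                            "failures": len(q), "accounts": sorted(accounts),
                            "sources": sorted({s for _, _, s in q})}
    return list(alerts.values())

def _ev(ts, computer, account, source, event_id=FAILED_LOGON):
    # Field names are hypothetical; map them from your own event export.
    return {"time": datetime.fromisoformat(ts), "computer": computer,
            "account": account, "source": source, "event_id": event_id}

# Constructed sample events (not real log data).
SAMPLE = [
    # Four accounts failing from one source; the burst straddles 09:05:00, so
    # fixed 5-minute bins would split it 3 + 2 and miss a threshold of 5.
    _ev("2024-01-10T09:03:10", "SRV-APP01", "alice", "10.0.0.50"),
    _ev("2024-01-10T09:04:05", "SRV-APP01", "bob", "10.0.0.50"),
    _ev("2024-01-10T09:04:50", "SRV-APP01", "carol", "10.0.0.50"),
    _ev("2024-01-10T09:05:30", "SRV-APP01", "dave", "10.0.0.50"),
    _ev("2024-01-10T09:06:40", "SRV-APP01", "alice", "10.0.0.50"),
    # One user mistyping a password: many failures, a single account.
    *[_ev(f"2024-01-10T09:1{i}:00", "SRV-DB01", "erin", "10.0.0.61") for i in range(5)],
    # Host outside the monitored list: ignored.
    *[_ev(f"2024-01-10T09:2{i}:00", "WS-022", f"user{i}", "10.0.0.70") for i in range(5)],
    # Successful logon (4624): ignored.
    _ev("2024-01-10T09:07:00", "SRV-APP01", "alice", "10.0.0.50", event_id=4624),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE, ["SRV-APP01", "SRV-DB01"], x=5, y_minutes=5):
        print(alert)
```

The `sources` field in each alert gives the originator to pivot on when following the recommendation above.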
