Managed Sentinel – Alert 259
| Alert ID | MS-A259 |
| Alert Name | Excessive SSL VPN login failures - SonicWall |
| Description | This alert identifies when a user account performs more than 10 failed logins to the VPN in 24 hours. |
| Severity Level | Low |
| Threat Indicator | |
| MITRE ATT&CK Tactics | Collection CredentialAccess |
| Log sources | Security Event |
| False Positives | |
| Recommendations |