Managed Sentinel – Alert 033
| Alert ID | MS-A033 |
| Alert Name | Excessive number of Windows Account login failures |
| Description | This alert triggers when a Windows user account has over 50 Windows logon failures today and at least 25% of the count of logon failures in the previous 7 days. This can be an indicator of a brute force attack against selected Windows accounts. |
| Severity Level | Low |
| Threat Indicator | Compromised Account |
| MITRE ATT&CK Tactics | Credential Access |
| Log Source | Windows |
| False Positives | Scheduled penetration test running on customer network assets |
| Recommendations | 1. Identify the computer(s) from where the attack was initiated. 2. Reset password(s) on affected user accounts. |
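
The threshold logic in the Description, as an added example (not Managed Sentinel's own rule): it shows how the 25% baseline condition suppresses accounts that fail constantly while still flagging a sudden burst. Assumptions: failed logons are already extracted as (account, date) pairs, for instance from Windows Event ID 4625; "previous 7 days" is read as the seven days before today, excluding today; all names and sample events are constructed.

```python
from collections import Counter
from datetime import date, timedelta

MIN_FAILURES_TODAY = 50   # "over 50" on the page, so strictly greater than
BASELINE_RATIO = 0.25     # "at least 25%" of the previous-7-day count
BASELINE_DAYS = 7         # assumption: the 7 days before today, today excluded
TODAY = date(2024, 1, 15) # constructed reference date

def excessive_logon_failures(events, today):
    """events: iterable of (account, date) pairs, one per failed logon.
    Returns {account: (failures_today, failures_prev_7_days)} for alerting accounts."""
    window_start = today - timedelta(days=BASELINE_DAYS)
    today_counts, baseline_counts = Counter(), Counter()
    for account, day in events:
        key = account.lower()  # Windows account names are case-insensitive
        if day == today:
            today_counts[key] += 1
        elif window_start <= day < today:
            baseline_counts[key] += 1
    alerts = {}
    for account, n_today in today_counts.items():
        n_prev = baseline_counts[account]  # 0 if the account was quiet all week
        if n_today > MIN_FAILURES_TODAY and n_today >= BASELINE_RATIO * n_prev:
            alerts[account] = (n_today, n_prev)
    return alerts

def constructed_events(today):
    """Constructed sample data, not real logs."""
    events = []
    # svc-backup: 100 failures every day (stale credential); today is not unusual
    for d in range(0, 8):
        events += [("svc-backup", today - timedelta(days=d))] * 100
    # j.doe: nearly silent all week, then 60 failures today (mixed-case spelling)
    events += [("J.Doe", today)] * 60
    events += [("j.doe", today - timedelta(days=3))] * 2
    # a.lee: exactly 50 failures today, which is not "over 50"
    events += [("a.lee", today)] * 50
    return events

if __name__ == "__main__":
    for account, (n_today, n_prev) in excessive_logon_failures(
            constructed_events(TODAY), TODAY).items():
        print(f"ALERT MS-A033 {account}: {n_today} today, {n_prev} in previous 7 days")
```
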
