Managed Sentinel – Alert 162
| Alert ID | MS-A162 |
| Alert Name | SSL VPN login failures - Fortinet |
| Description | This alert identifies SSL VPN login failures. |
| Severity Level | Low |
| Threat Indicator | Compromised Credentials |
| MITRE ATT&CK Tactics | Credential Access, Collection |
| Log sources | VPN |
| False Positives | |
| Recommendations | 1. Investigate the status and ownership of the impacted VPN accounts. 2. If required, reset the account access credentials. 3. Reach out to the end user to validate the situation. 4. If proven not to be a false positive, perform an investigation via the Azure Sentinel console to find out whether any other connections inside the corporate network were completed by the VPN users. |
