MS-A177 - Managed Sentinel

Managed Sentinel – Alert 177

Alert ID	MS-A177
Alert Name	Excessive RDP Authentication Failures
Description	This alert triggers when the same user generated 5 or more RDP login failures, which can be indicative of lateral movement activity.
Severity Level	Low
Threat Indicator
MITRE ATT&CK Tactics	LateralMovement
Log sources	SecurityEvent
False Positives
Recommendations