Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
15 Minutes |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Analytics |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A local user account failed to log in multiple times in a short time period. This may indicate a brute-force attack.
Attacker's Goals
The attacker attempts to gain access to the account.
Investigative actions
Verify any successful authentication by the user account referenced by the alert, as these can indicate the attacker managed to guess the credentials.