Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
10 Minutes |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Analytics |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
- This may indicate an NTLM brute force attack.
Attacker's Goals
The attacker attempts to gain access to the accounts.
Investigative actions
Verify any successful authentication by the user account referenced by the alert, as these can indicate the attacker managed to guess the credentials.
Variations
NTLM brute force on a sensitive userHigh-frequency NTLM brute force attempts detected