Techniques
Sample rules
Spike in Logon Events
- source: elastic
- techniques:
  - T1110
Description
A machine learning job found an unusually large spike in successful authentication events. This can be due to password spraying, user enumeration or brute force activity.
Detection logic
Spike in Successful Logon Events from a Source IP
- source: elastic
- techniques:
  - T1078
  - T1110
Description
A machine learning job found an unusually large spike in successful authentication events from a particular source IP address. This can be due to password spraying, user enumeration or brute force activity.
Detection logic