LoFP
/
security audits may trigger this alert. conditions that generate bursts of failed logins, such as misconfigured applications or account lockouts could trigger this alert.
t1110
ml
elastic
Techniques
T1110
Sample rules
Unusual Login Activity
source
:
elastic
technicques
:
T1110
Description
Identifies an unusually high number of authentication attempts.
Detection logic