Azure-Sentinel/Excessive login attempts.json

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "workspace": {
            "type": "String"
        }
    },
    "resources": [
        {
            "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",
            "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",
            "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
            "kind": "MicrosoftSecurityIncidentCreation",
            "apiVersion": "2021-09-01-preview",
            "properties": {
                "displayName": "Create incidents based on Microsoft Defender for IoT alerts on excessive login attempts",
                "description": "Excessive login attempts may indicate improper service configuration, human error, or malicious activity on the network; a cyber threat attempting to manipulate the SCADA network.",
                "enabled": true,
                "productFilter": "Azure Security Center for IoT",
                "severitiesFilter": null,
                "displayNamesFilter": [
                    "Excessive Login Attempts",
                    "Excessive SMB login attempts",
                    "Password Guessing Attempt Detected"
                ],
                "displayNamesExcludeFilter": null,
                "alertRuleTemplateName": null
            }
        }
    ]
}
Analytics+Playbooks 2021-10-26 01:32:23 +03:00			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"parameters": {`
			`"workspace": {`
			`"type": "String"`
			`}`
			`},`
			`"resources": [`
			`{`
			`"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",`
			`"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",`
			`"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",`
			`"kind": "MicrosoftSecurityIncidentCreation",`
			`"apiVersion": "2021-09-01-preview",`
			`"properties": {`
			`"displayName": "Create incidents based on Microsoft Defender for IoT alerts on excessive login attempts",`
			`"description": "Excessive login attempts may indicate improper service configuration, human error, or malicious activity on the network; a cyber threat attempting to manipulate the SCADA network.",`
			`"enabled": true,`
			`"productFilter": "Azure Security Center for IoT",`
			`"severitiesFilter": null,`
			`"displayNamesFilter": [`
			`"Excessive Login Attempts",`
			`"Excessive SMB login attempts",`
			`"Password Guessing Attempt Detected"`
			`],`
			`"displayNamesExcludeFilter": null,`
			`"alertRuleTemplateName": null`
			`}`
			`}`
			`]`
			`}`