Update gte_6_FailedLogons_10m.yaml
Родитель
414cece17d
Коммит
69b5c47f08
|
@ -16,7 +16,6 @@ tactics:
|
|||
relevantTechniques:
|
||||
- T1110
|
||||
query: |
|
||||
|
||||
let timeframe = 10m;
|
||||
let threshold = 20;
|
||||
SecurityEvent
|
||||
|
@ -52,4 +51,4 @@ query: |
|
|||
Activity, Computer, Account, TargetAccount, TargetUserName, TargetDomainName,
|
||||
LogonType, LogonTypeName, LogonProcessName, Status, SubStatus, Reason, ResourceId, SourceComputerId, WorkstationName, IpAddress
|
||||
| where FailedLogonCount >= threshold
|
||||
| extend timestamp = StartTime, AccountCustomEntity = Account, HostCustomEntity = Computer, IPCustomEntity = IpAddress
|
||||
| extend timestamp = StartTime, AccountCustomEntity = Account, HostCustomEntity = Computer, IPCustomEntity = IpAddress
|
||||
|
|