Azure-Sentinel/Excessive login attempts.json

32 строки
1.6 KiB
JSON

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
"kind": "MicrosoftSecurityIncidentCreation",
"apiVersion": "2021-09-01-preview",
"properties": {
"displayName": "Create incidents based on Microsoft Defender for IoT alerts on excessive login attempts",
"description": "Excessive login attempts may indicate improper service configuration, human error, or malicious activity on the network; a cyber threat attempting to manipulate the SCADA network.",
"enabled": true,
"productFilter": "Azure Security Center for IoT",
"severitiesFilter": null,
"displayNamesFilter": [
"Excessive Login Attempts",
"Excessive SMB login attempts",
"Password Guessing Attempt Detected"
],
"displayNamesExcludeFilter": null,
"alertRuleTemplateName": null
}
}
]
}