forked from Azure/Azure-Sentinel
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Excessive login attempts.json
32 lines (32 loc) · 1.58 KB
/
Excessive login attempts.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
"kind": "MicrosoftSecurityIncidentCreation",
"apiVersion": "2021-09-01-preview",
"properties": {
"displayName": "Create incidents based on Microsoft Defender for IoT alerts on excessive login attempts",
"description": "Excessive login attempts may indicate improper service configuration, human error, or malicious activity on the network; a cyber threat attempting to manipulate the SCADA network.",
"enabled": true,
"productFilter": "Azure Security Center for IoT",
"severitiesFilter": null,
"displayNamesFilter": [
"Excessive Login Attempts",
"Excessive SMB login attempts",
"Password Guessing Attempt Detected"
],
"displayNamesExcludeFilter": null,
"alertRuleTemplateName": null
}
}
]
}