AZT202 - Password Spraying#
An adversary may potentially gain access to AzureAD by guessing a common password for multiple users.
Resource
Azure Active Directory
Actions
N/A
Detections
Logs#
Data Source | Application | Resource | Log Location |
---|---|---|---|
Azure Active Directory | Azure Portal | Windows Azure Service Management API | Sign-in Logs |
Azure Active Directory | Microsoft Azure PowerShell | Windows Azure Service Management API | Sign-in Logs |
Detection Screenshots#
Detection Notes#
The main difference between a successful and unsuccessful login is the 'Status' field, which will designate a "Success" or "Failure".
Additional Resources