Set up the azure integration.
Detect and identify the network IP address when multiple user accounts have login attempt activities recorded.
Monitor Azure Active Directory and detect when any
@evt.category is equal to
SignInLogs and more than 1 of the
@evt.outcome are equal to
false and was initiated by the same network IP address.
Security Signal returns HIGH firstname.lastname@example.org
has value ofsuccess` after multiple failed logins were initiated by the same network IP address.