Investigation Scenario 🔎
You've received an alert from the pictured Sigma rule indicating an account lockout occurred in your Azure environment.
What do you look for to investigate whether an incident occurred?
#InvestigationPath #DFIR #SOC
You've received an alert from the pictured Sigma rule indicating an account lockout occurred in your Azure environment.
What do you look for to investigate whether an incident occurred?
#InvestigationPath #DFIR #SOC
Comments