Rberlinski
May 26, 2021, Copper Contributor
Understanding alert Password Spray in MCAS with details
Hello, we are facing an alert in our MCAS, "Risky sign-in: password spray". There is one activity associated with it after clicking on this alert: Description: Failed log on (Failure message: Strong a...
SamiLamppu
Jun 08, 2021, Brass Contributor
Hello Rberlinski,
If you are looking for a guide on how to investigate MCAS alerts and especially the "Multiple failed logins" type of alert this might be helpful:
https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts#credential-access-alerts
It provides: "general and practical information on each alert, to help with your investigation and remediation tasks"
- Rberlinski (Jun 10, 2021, Copper Contributor): Thanks, but this is far from what I expected. After a short call with MS, the "password spray" alert more or less means that the user used a password which is flagged as common during this attack, based on MS experience. My case is still open; I will let you know when I grab some additional details.