Forum Discussion
Tythadius
Jul 10, 2022Copper Contributor
More than 10 failed logins per user and device
Hello I have been working with a query that is very useful but I want it to show me the username of the person as well as the device used. I am using a pre built query I found to detect more than 10...
madhumohan
Sep 20, 2022Copper Contributor
The following should help you.
DeviceLogonEvents
| where AccountName in~ ("Tythadius", "Tythadius2")
| where ActionType == "LogonFailed"
| summarize LogonFailures = count() by AccountName, LogonType
| where LogonFailures > 10
DeviceLogonEvents
| where AccountName in~ ("Tythadius", "Tythadius2")
| where ActionType == "LogonFailed"
| summarize LogonFailures = count() by AccountName, LogonType
| where LogonFailures > 10