Jul 15 2021 05:53 AM
Greetings, I have a technical question about log gathering in Sentinel.
I am currently setting up an alarm for when there have been more than 5 login attempts for users against the Azure portal. I have then gone ahead and failed the login 5 times for a user and can see these logs in AAD sign-in logs.
However, in Azure Sentinel sign-in logs I have only 3 events of this happening. Not 5, so the alarm won't go off. Is there some setting I need to tweak for it to send over all the logs and not just parts of it?
Jul 15 2021 07:39 AM