May 12 2020 05:12 AM
Hello everyone, I'm starting with Azure Sentinel in my organization, and one of the first things we want to know is, if an account is locked, where the user/malware was trying from.
Thanks in advance
Greetings
May 12 2020 06:00 AM
Do you mean a user account? If so, from AD or Azure AD? AD is normally handled by Security Events/logs, and AAD is contained in the SigninLogs table (after you connect AAD to Sentinel).
May 12 2020 06:07 AM
May 12 2020 06:36 AM
May 12 2020 07:04 AM