Monitor-Microsoft-365-Security-with-Microsoft-Sentinel

Use Sentinel. Run Failed Login Attempt Query. Turn on Fusion Machine Learning.

Description

This lab runs the "Failed login attempt" hunting query and turns on the Fusion machine-learning analytics rule in Microsoft Azure Sentinel (SIEM), in order to monitor Microsoft 365 security activity with Microsoft Sentinel. A Log Analytics workspace is required to house all of the data that Microsoft Sentinel ingests and uses for its detections, analytics, and other features.

Environments Used

- Microsoft Azure Sentinel Portal

Prerequisites

- Password lockout settings can be modified by a user assigned one of the following roles:

  • Log Analytics Contributor
  • Log Analytics Reader
  • Global Administrator
- Licenses: an Azure AD trial, or Premium P1 or higher

Program walk-through:

Steps:

1. Go to Azure portal --> Azure Sentinel
2. Select Azure Sentinel Workspace
3. Select Hunting --> select Query 'Failed login attempt' --> Run Query
4. Go to Analytics section --> select active rule --> edit
5. Enable status of rule --> Configure it
6. Review & Save
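As an added example (not part of the original lab or of Sentinel's built-in query), this is the kind of KQL a failed-sign-in hunt runs against the SigninLogs table that the Azure AD data connector populates; the 24-hour window and the threshold of 10 failures per user are assumptions chosen for illustration:

```kql
// Failed Azure AD sign-ins per user over the last 24 hours.
// Assumes the SigninLogs table is connected to this workspace.
SigninLogs
| where TimeGenerated > ago(24h)
// ResultType "0" is a successful sign-in; any other code is a failure
| where ResultType != "0"
| summarize FailedCount = count(),
            FirstFailure = min(TimeGenerated),
            LastFailure = max(TimeGenerated),
            Apps = make_set(AppDisplayName, 10),
            SourceIPs = make_set(IPAddress, 10),
            ResultCodes = make_set(ResultType, 10)
    by UserPrincipalName
// threshold is an assumed value; tune it to the tenant's baseline
| where FailedCount >= 10
| order by FailedCount desc
```

Running this from Hunting shows which accounts are seeing repeated failures and from where; the same logic, with a threshold appropriate to the tenant, can be saved as a scheduled analytics rule so Sentinel raises incidents without a manual hunt.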

Screenshots:

Select Log Workspace Analytics:


Select Query:


Active Rules of Query:


Enable Status:


Result: