Mapping failed logins in Azure Sentinel using IP Geolocation:
Tags
attack-pattern: Data Ip Addresses - T1590.005 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Vulnerabilities - T1588.006 Powershell - T1086 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID e97c916d-2877-46eb-9f72-1f6ca0c0caf8
Fingerprint b8582f0b2d3be7c2
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 18, 2024, 7:26 p.m.
Added to db Oct. 18, 2024, 10:19 p.m.
Last updated Oct. 18, 2024, 10:19 p.m.
Headline Mapping failed RDP logins using Azure Sentinel and IP Geolocation API
Title Mapping failed logins in Azure Sentinel using IP Geolocation:
Detected Hints/Tags/Attributes 19/1/1
Source URLs
Redirection Url
Details Source https://medium.com/@hariharans27022003/mapping-failed-logins-in-azure-sentinel-using-ip-geolocation-07454800b3a8?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 11 
ipgeolocation.io