![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 28.000000000000004%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
1,296 questions
Hey
Depending on your environment, theres a number of factors that will help you in regards to viewing, detecting and working on Suspicious login attempts.
First is your Sentinel ingesting Identity protection logs and/or Microsoft Defender for Identity logs etc, if so there will be a new table that is generated within Microsoft sentinel for suspicious login attempts across your Microsoft based infrastructure. If you are wanting to monitor from bespoke sources then ingesting data in from these sources and identifying unusual activity i.e brute force etc. Custom alerting will need to be created for these types depending if they are Microsoft supported or not
Hope this helps, if you need more information, please reach out
Regards
Bill