Azure Sentinel - IIS brute force tracking

Eduards 791 Reputation points


I want to create KQL query that catches brute force attacks against IIS server.

A this time i have information about successful logins and failed attempts. I want to track information about failed and successful login to IIS server, host, IP, login count etc.

For example - if there was 50 failed sign-in times generate alert and create incident. Or something like this.

Is there some IIS KQL samples?

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,002 questions
0 comments No comments
{count} votes

Accepted answer
  1. VipulSparsh-MSFT 16,246 Reputation points Microsoft Employee

0 additional answers

Sort by: Most helpful