Query Details
Failed Logins Per Account
Query
// Windows failed logins. Find reports of Windows accounts that failed to login. SecurityEvent | where EventID == 4625 | summarize count() by TargetAccount | sort by count_ desc
Explanation
This query searches for security events related to failed login attempts on Windows accounts. It counts the number of occurrences for each target account and sorts the results in descending order.
Details
Rod Trent
Released: November 5, 2021
Tables
SecurityEvent
Keywords
SecurityEvent,EventID,TargetAccount,count_
Operators
where==summarizecount()bysort by