Detection rules › By event

Microsoft-Windows-Security-Auditing event 4625

19 detection rules reference this event. View event page.

Sigma (4)

Account Tampering - Suspicious Failed Logon Reasons severity medium T1078
Failed Logon From Public IP severity medium T1078, T1133, T1190
Hacktool Ruler severity high T1059, T1087, T1114, T1550.002
Metasploit SMB Authentication severity high T1021.002

Splunk (9)