Detection rules › By eventMicrosoft-Windows-Security-Auditing event 47767 detection rules reference this event. View event page.Sigma (3)Account Tampering - Suspicious Failed Logon Reasons severity medium T1078 Hacktool Ruler severity high T1059, T1087, T1114, T1550.002 Metasploit SMB Authentication severity high T1021.002 Splunk (4)Windows Multiple Invalid Users Failed To Authenticate Using NTLM T1110.003 Windows Multiple Users Failed To Authenticate From Host Using NTLM T1110.003 Windows Unusual Count Of Invalid Users Failed To Auth Using NTLM T1110.003 Windows Unusual Count Of Users Failed To Authenticate Using NTLM T1110.003