Tag
low
advisory
Spike in Successful Logon Events from a Source IP
2 rules, 3 TTPs
A machine learning job detected a spike in successful authentication events from a source IP address, which can indicate password spraying, user enumeration, or brute force activity, potentially leading to credential access.
credential-access
defense-evasion
brute-force
password-spraying
medium
advisory
Multiple Logon Failure from the Same Source Address
2 rules, 2 TTPs
Detection of multiple consecutive logon failures from the same source address within a short time interval on Windows systems, indicating potential brute force or password spraying attacks targeting multiple user accounts.
Windows
credential-access
brute-force
password-spraying