Investigation: Failed Logins

Summary

Set up

The logs come from the sample data of the Microsoft Sentinel Training Lab solution. Once you have installed the solution and the data is ingested, you can go through the logs and look for incidents and alerts.

Before creating rules I had to make sure the logs were ingested and the data connectors were integrated with Microsoft Defender XDR. Microsoft Sentinel and Defender XDR are currently being integrated, and some workarounds are needed to get the logs ingested. Log in to portal.azure.com, search for Microsoft Sentinel, and choose your workspace. In the navigation bar on the left, scroll down to the Configuration section and choose Data connectors. Search for XDR to find Microsoft Defender XDR and open the connector page. In this investigation I am only looking for alerts about login attempts, so I will be adding the AlertInfo and AlertEvidence tables.
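As an added example (not part of the original write-up), the KQL query below checks that the two tables are actually being ingested and lists the login-related alerts together with the account and source-IP evidence attached to each one. It assumes the Defender XDR connector has both AlertInfo and AlertEvidence enabled; the title keywords and alert categories used to pick out sign-in alerts are my assumption about how such alerts are labelled, not something taken from the page.

```kql
// Added example, not from the original write-up.
// Assumes AlertInfo and AlertEvidence are ingested via the Microsoft Defender XDR connector.
let lookback = 7d;
// Keywords/categories used to pick out sign-in related alerts (assumption, adjust as needed).
let loginKeywords = dynamic(["sign-in", "sign in", "logon", "login", "password spray", "brute force"]);
let loginCategories = dynamic(["CredentialAccess", "InitialAccess"]);
AlertInfo
| where TimeGenerated > ago(lookback)
| where Title has_any (loginKeywords) or Category in (loginCategories)
| join kind=inner (
    // Collect the user and IP entities that Defender attached to each alert.
    AlertEvidence
    | where TimeGenerated > ago(lookback)
    | where EntityType in ("User", "Ip")
    | summarize
        Accounts  = make_set_if(AccountUpn, isnotempty(AccountUpn)),
        SourceIPs = make_set_if(RemoteIP, isnotempty(RemoteIP))
      by AlertId
  ) on AlertId
| project TimeGenerated, AlertId, Title, Category, Severity,
          ServiceSource, DetectionSource, Accounts, SourceIPs
| sort by TimeGenerated desc
```

If the query returns nothing while the connector page shows the tables as connected, widen the lookback or drop the keyword filter first to confirm rows are arriving in AlertInfo at all.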

Microsoft Defender XDR includes: