Skip to main content
Security Center uses tenant log events to identify patterns that are usually an indicator of known attack types. We classify tenant log event patterns into categories: credential stuffing threats, signup attack threats, and bypass threats.
Classification of event type codes may change. Avoid implementing solutions dependent on the current log event code definitions.

Credential stuffing

We identify credential stuffing threats within a single hour with the following event codes:

Signup attack

We identify signup attack threats within a single hour with the following event codes:

MFA bypass

We identify MFA bypass threats within a single hour with the following event codes: