Updated failed login rule query

Author: smustafa

Detections/SigninLogs/AnomalousSingleFactorSignin.yaml

@@ -22,12 +22,12 @@ tags:
 query: |
   let known_locations = (SigninLogs
     | where TimeGenerated between(ago(7d)..ago(1d))
-    | where ResultType == 0
+    | where ResultType != 0
     | extend LocationDetail = strcat(Location, "-", LocationDetails.state)
     | summarize by LocationDetail);
   let known_asn = (SigninLogs
     | where TimeGenerated between(ago(7d)..ago(1d))
-    | where ResultType == 0
+    | where ResultType != 0
     | summarize by AutonomousSystemNumber);
   SigninLogs
   | where TimeGenerated > ago(1d)