Looking for failed logins

Author: smustafa

Detections/SigninLogs/AnomalousSingleFactorSignin.yaml

@@ -31,7 +31,7 @@ query: |
     | summarize by AutonomousSystemNumber);
   SigninLogs
   | where TimeGenerated > ago(1d)
-  | where ResultType == 0
+  | where ResultType != 0
   | where isempty(DeviceDetail.deviceId)
   | where AuthenticationRequirement == "singleFactorAuthentication"
   | extend LocationParsed = parse_json(LocationDetails), DeviceParsed = parse_json(DeviceDetail)