Tuning Sentinel Analytic Rules: Malicious IP Signon Attempt
Today’s analytic rule had me second-guessing myself. For starters, I believe this was a custom rule slapped together by one of the junior analysts. The rule logic is as follows:
SigninLogs
| where ResultsDescription contains "Sign-in was blocked becau...
eddie-pena.com (3 min read)