Search for Recent Authentication Failure in SFTP

Overview

Monitoring authentication failures in SFTP can help identify security risks, misconfigurations, and unauthorized access attempts. This guide explains how to search for authentication failures using AWS CloudWatch.

Azure Log Analytics Workspace

Steps to Search for Authentication Failures

Access Log Analytics Workspace:

Open Azure Monitor > Logs.
Select the relevant Log Analytics Workspace.

Run the Query:

AzureDiagnostics
| where Message contains "Authentication failed"

Filter by User (Optional):

AzureDiagnostics
| where Message contains "Authentication failed"
| where User == "username_here"

Replace username_here with the actual username.

SFTP Gateway Support

3.0

Search for Recent Authentication Failure in SFTP

Overview

Azure Log Analytics Workspace