Sometimes we forget or mistype our passwords, but a spike in these occurrences could indicate more serious issues. By tracking account lockouts you get deeper insight into the health of your environment and can identify potential attackers trying to compromise your network or elevate their rights.
From the list on the left, find “No. of enabled locked-out users,” click on it to highlight the selection, and click the “>” arrow to move it to the selection field (Optional: select the color of the chart using the drop-down menu).
Tips for interpreting this report
This report can have random peaks and valleys based upon typical user behavior. Expect slightly larger spikes around the time of mandatory password changes (every 30 to 90 days, depending on policy) as users attempt to use old passwords, or have automated processes running with invalid credentials. Large spikes may indicate more serious problems, such as an attacker trying to brute-force passwords, resulting in a denial-of-service as accounts become locked out.