Add EventLog for login attempt using only blacklisted keyword
Password blacklists will prevent someone from using an easy password containing exclusively blacklisted keywords. But if I want to catch bad guys on my network, I want to see when someone is trying Company123 or Winter2020 for several different users. This is password spraying.
If we can add this short list of commonly guessed passwords to the password blacklist, I would then like to have an event logged when someone attempts to use one of them. If we see many of those events in a short period, the security team will need to investigate.