API

Possible brute force attempted against user

Documentos > Datadog Security > OOTB Rules > Possible brute force attempted against user

This rule is part of a beta feature. To learn more, contact Support.

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1078-valid-accounts

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect when a user attempts to access the OCI console an anomalous amount of times.

Strategy

This rule monitors OCI to detect the 404 error message.

Triage and response

Determine if {{@user.name}} should be attempting to use the identified API calls: {{@evt.name}}.
Contact the user to see if they intended to make these API calls.
If the user did not make the API calls:
- Rotate the credentials.
- Investigate which unauthorized API calls might have succeeded throughout the rest of the environment.