Asana brute force attempt
Set up the asana integration.
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Goal
Identify cases where there is a high number of failed login attempts followed by a successful login. This behavior can indicate a brute-force attack or an unauthorized access attempt.
Strategy
This rule monitors failed login attempts followed by a successful login, raising an alert if the count surpasses the threshold.
Triage and response
- Review logs to identify the account
{{@usr.email}} associated with the failed login attempts. - Examine the IP addresses and locations (
{{@network.client.ip}}, {{@network.client.geoip.city.name}}, {{@network.client.geoip.country.name}}) associated with the failed attempts to identify any unusual access patterns. - Determine if the login attempts are clustered within a short period or if they follow a gradual pattern, as this can help distinguish between brute-force and accidental lockouts.
- Investigate if there are any ongoing system issues or maintenance activities that could account for increased login failures.
- If suspicious behavior is detected, consider locking the affected accounts, notifying users, and requiring additional authentication steps.
