Jumpcloud brute force attack on user

This rule is part of a beta feature. To learn more, contact Support.
jumpcloud

Classification:

attack

Tactic:

TA0006-credential-access

Technique:

T1110-brute-force

Set up the jumpcloud integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect a brute force attack on a user.

Strategy

To identify a successful attempt: Detect when the same user fails to log in five times, and then successfully logs in. This generates a MEDIUM severity signal.

To identify an unsuccessful attempt: Detect when the same user fails to log in five times. This generates an INFO severity signal.

Triage and response

  1. Inspect the logs to see if this was a valid login attempt.
  2. Verify if 2FA was authenticated.
  3. If the user was compromised, rotate user credentials.