OSSEC Alert: Multiple authentication failures

This rule is part of a beta feature. To learn more, contact Support.
ossec-security

Classification:

attack

Tactic:

TA0006-credential-access

Technique:

T1110-brute-force

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when multiple failed authentication attempts are detected by OSSEC.

Strategy

This rule lets you monitor if there are multiple authentication failures in a limited time interval.

Triage and Response

  1. Check the activity detected on the System: {{@syslog.hostname}}.

  2. Analyze the rule that triggered along with the brief description and log message attached with the log:

    • Rule ID: {{@rule_id}}
    • Description: {{@description}}
    • Log Message: {{@log}}

  3. Inform your administrator to take further action for the detected failed activity.