Potential brute force attack on AWS ConsoleLogin

cloudtrail

Classification:

attack

Tactic:

Technique:

Goal

Detect when a user is a victim of an Account Take Over (ATO) by a brute force attack.

Strategy

This rule monitors CloudTrail and detects when any @evt.name has a value of ConsoleLogin and @responseElements.ConsoleLogin has a value of Failure.

Triage and response

  1. Determine if the user logged in with 2FA.
  2. Reach out to the user and ensure the login was legitimate.
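
The Strategy match and the first triage step, applied to raw CloudTrail records, as an added example that is not the rule's own query or code. The failure threshold, the function names and the sample events are assumptions constructed for illustration; the field names (eventName, responseElements.ConsoleLogin, additionalEventData.MFAUsed) are those of CloudTrail ConsoleLogin records.

```python
from collections import defaultdict

FAILURE_THRESHOLD = 5  # assumed value; the page does not state a threshold


def login(user, ip, result, mfa="No"):
    """Build a constructed CloudTrail ConsoleLogin record (sample data only)."""
    return {
        "eventName": "ConsoleLogin",
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user},
        "responseElements": {"ConsoleLogin": result},
        "additionalEventData": {"MFAUsed": mfa},
    }


# Constructed sample: alice sees 6 failures then a non-MFA success; bob one typo.
SAMPLE_EVENTS = (
    [login("alice", "198.51.100.7", "Failure") for _ in range(6)]
    + [login("alice", "198.51.100.7", "Success", mfa="No")]
    + [login("bob", "203.0.113.20", "Failure")]
    + [login("bob", "203.0.113.20", "Success", mfa="Yes")]
    + [{"eventName": "GetCallerIdentity", "userIdentity": {"userName": "carol"}}]
)


def triage_console_logins(events, threshold=FAILURE_THRESHOLD):
    """Return findings for users with at least `threshold` failed ConsoleLogins."""
    stats = defaultdict(lambda: {"failures": 0, "ips": set(), "successes": []})
    for ev in events:
        if ev.get("eventName") != "ConsoleLogin":
            continue  # the rule only considers ConsoleLogin events
        user = ev.get("userIdentity", {}).get("userName", "<unknown>")
        result = (ev.get("responseElements") or {}).get("ConsoleLogin")
        if result == "Failure":
            stats[user]["failures"] += 1
            stats[user]["ips"].add(ev.get("sourceIPAddress"))
        elif result == "Success":
            mfa = (ev.get("additionalEventData") or {}).get("MFAUsed", "unknown")
            stats[user]["successes"].append(mfa)
    findings = {}
    for user, s in stats.items():
        if s["failures"] >= threshold:
            findings[user] = {
                "failures": s["failures"],
                "source_ips": sorted(s["ips"]),
                "success_without_mfa": "No" in s["successes"],  # triage step 1
            }
    return findings
```

A finding with success_without_mfa set to True is the case to prioritise for step 2, since a guessed password alone was enough to sign in.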

Changelog

17 March 2022 - Update rule query.