Asana brute force attempt

This rule is part of a beta feature. To learn more, contact Support.

Set up the Asana integration.

Goal

Identify cases where there is a high number of failed login attempts followed by a successful login. This behavior can indicate a brute-force attack or an unauthorized access attempt.

Strategy

This rule monitors failed login attempts followed by a successful login, raising an alert if the count surpasses the threshold.

Triage and response

  1. Review logs to identify the account {{@usr.email}} associated with the failed login attempts.
  2. Examine the IP addresses and locations ({{@network.client.ip}}, {{@network.client.geoip.city.name}}, {{@network.client.geoip.country.name}}) associated with the failed attempts to identify any unusual access patterns.
  3. Determine if the login attempts are clustered within a short period or if they follow a gradual pattern, as this can help distinguish between brute-force and accidental lockouts.
  4. Investigate if there are any ongoing system issues or maintenance activities that could account for increased login failures.
  5. If suspicious behavior is detected, consider locking the affected accounts, notifying users, and requiring additional authentication steps.
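
The following Python sketch is an added example, not the rule's own query or Datadog code. It applies the logic from the Strategy section to constructed sample events and reports the failure span and source IPs that triage steps 2 and 3 ask about. The threshold, time window, and the `outcome` field name are assumptions, since the page does not state them.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed values: the rule text gives neither a threshold nor a time window.
FAILURE_THRESHOLD = 5
WINDOW = timedelta(minutes=10)

def _ev(user, ip, minute, second, outcome):
    # "outcome" is a hypothetical field name; the other keys mirror the rule's attributes.
    return {"timestamp": f"2024-01-01T10:{minute:02d}:{second:02d}+00:00",
            "usr.email": user, "network.client.ip": ip, "outcome": outcome}

# Constructed sample events (not real Asana logs).
EVENTS = (
    [_ev("alice@example.com", "203.0.113.10", 0, s, "failure") for s in range(0, 60, 10)]
    + [_ev("alice@example.com", "203.0.113.10", 1, 0, "success")]
    + [_ev("bob@example.com", "198.51.100.7", 5, s, "failure") for s in (0, 20)]
    + [_ev("bob@example.com", "198.51.100.7", 6, 0, "success")]
)

def detect(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Flag each successful login preceded by more than `threshold` failures inside `window`."""
    failures = defaultdict(list)  # usr.email -> [(time, ip)] since the last success
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["timestamp"])):
        ts = datetime.fromisoformat(ev["timestamp"])
        user, ip = ev["usr.email"], ev["network.client.ip"]
        if ev["outcome"] == "failure":
            failures[user].append((ts, ip))
            continue
        recent = [(t, i) for t, i in failures[user] if ts - t <= window]
        failures[user].clear()  # a success ends the streak either way
        if len(recent) > threshold:
            times = [t for t, _ in recent]
            fail_ips = sorted({i for _, i in recent})
            findings.append({
                "usr.email": user,
                "failed_count": len(recent),
                # Small span = clustered burst; large span = gradual attempts (triage step 3).
                "failure_span_seconds": (max(times) - min(times)).total_seconds(),
                "failure_ips": fail_ips,
                "success_ip": ip,
                "success_ip_seen_failing": ip in fail_ips,
            })
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

In the sample data only the first account is flagged: six failures in 50 seconds followed by a success, while the second account's two failures stay under the assumed threshold.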