Anomalous amount of failed sign-in attempts by 1Password user
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect failed sign-in attempts from a 1Password user.
Strategy
This rule monitors 1Password logs to identify when an user generates an anomalous amount of failed sign-in events.
Triage and response
Investigate and determine if user {{@usr.email}} with failed sign-in events {{@evt.outcome}}, attempting to authenticate from IP address {{@network.client.ip}} should have access.
Changelog
Updated query by replacing @evt.category:*failed* with @evt.outcome:*failed*.
