OSSEC Alert: Multiple authentication failures

This rule is part of a beta feature. To learn more, contact Support.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Goal

Detect when multiple failed authentication attempts are detected by OSSEC.

Strategy

This rule lets you monitor if there are multiple authentication failures in a limited time interval.

Triage and Response

  1. Check the activity detected on the System: {{@syslog.hostname}}.

  2. Analyze the rule that triggered along with the brief description and log message attached with the log:

    • Rule ID: {{@rule_id}}
    • Description: {{@description}}
    • Log Message: {{@log}}
  3. Inform your administrator to take further action for the detected failed activity.