- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Tactic:
Detect Account Takeover (ATO) attempts on services. ATO attempts include brute force, dictionary, and distributed credential stuffing attacks.
This detection rule is designed to detect brute force attempts, where an attacker attempts to log in to a single account using different passwords, until it finds the correct one by chance.
Datadog auto-instruments many event types. Review your instrumented business logic events. This detection requires the following instrumented events:
users.login.failure
users.login.success
Monitor login events and track failed logins. Generate a Low
severity signal when:
Increase signal severity to Critical
and identify the compromised account when the IP address has a successful login to this same account.