OSSEC Alert: Multiple authentication failures

This rule is part of a beta feature. To learn more, contact Support.
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect when multiple failed authentication attempts are detected by OSSEC.

Strategy

This rule lets you monitor if there are multiple authentication failures in a limited time interval.

Triage and Response

  1. Check the activity detected on the System: {{@syslog.hostname}}.

  2. Analyze the rule that triggered along with the brief description and log message attached with the log:

    • Rule ID: {{@rule_id}}
    • Description: {{@description}}
    • Log Message: {{@log}}
  3. Inform your administrator to take further action for the detected failed activity.