OSSEC Alert: Multiple authentication failures

This rule is part of a beta feature. To learn more, contact Support.

Classification:

attack

Tactic:

Technique:

Goal

Detect when multiple failed authentication attempts are detected by OSSEC.

This rule lets you monitor if there are multiple authentication failures in a limited time interval.

Check the activity detected on the System: {{@syslog.hostname}}.
Analyze the rule that triggered along with the brief description and log message attached with the log:
- Rule ID: {{@rule_id}}
- Description: {{@description}}
- Log Message: {{@log}}
Inform your administrator to take further action for the detected failed activity.