Features
Integrations
Dashboards
Log Management
APM
Security Monitoring
Network Monitoring
Synthetic Monitoring
Real User Monitoring
Serverless
Alerts
API
< Back to rules search
AWS Console Brute Force Login
Classification:
compliance
Framework:
cis
Control:
cis-3.6
Set up the cloudtrail integration.
Overview
Goal
Detect when a user is a victim of an Account Take Over (ATO) by a brute force attack.
Strategy
This rule monitors CloudTrail and detects when any @evt.name has a value of Console Login, and @error.message: has a value of Failed authentication.
Triage & Response
- Determine if the user logged in with 2FA.
- Reach out to the user and ensure the login was legitimate.
On this Page