Brute Force Attack

Description

Triggers on authentication attempts and/or the number of devices a user has access to over time. Identifies possible brute force attacks inside an environment.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Insider Threat, Security Monitoring

Category

Account Compromise, IAM Analytics

Alert Volume

Medium

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Credential Access

MITRE ATT&CK Techniques

Brute Force

MITRE Threat Groups

APT39
DarkVishnya
FIN5
OilRig
Turla

Data Sources

Windows Security
Authentication