Multiple Failed Badge Access Attempts

Description

Triggered when multiple users fail to badge in at a single badge-in access point. This could be used to detect both a physical brute force attack or faulty hardware.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Insider Threat, Security Monitoring, Compliance

Category

Insider Threat

Alert Volume

Low (?)

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Reconnaissance

MITRE ATT&CK Techniques

Gather Victim Org Information

Determine Physical Locations

Data Sources

Physical Security