Detect New Login Attempts To Routers

Description

The search queries the authentication logs for assets that are categorized as routers in the ES Assets and Identity Framework, to identify connections that have not been seen in the last 30 days.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Security Monitoring

Category

Operations

SPL Difficulty

None

Journey

Stage 2

Kill Chain Phases

Actions On Objectives

Data Sources

Authentication

Detect New Login Attempts To Routers Help

To successfully implement this search, you must ensure that the network router devices are categorized as "router" in the Assets and Identity table. You must also populate the Authentication data model with logs related to users authenticating to routing infrastructure.
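The first-seen logic described above, as an added Python example (it is not the Splunk search and not Splunk code). The asset table, the events, the field names, the 24-hour detection window and the choice to key on the (user, dest) pair are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the Assets and Identity table: dest -> categories.
ASSETS = {
    "rtr-core-01": {"router"},
    "rtr-edge-02": {"router", "dmz"},
    "web-01": {"server"},
}
NOW = datetime(2024, 6, 30, 12, 0, tzinfo=timezone.utc)  # constructed search time

def ev(days_ago, user, src, dest, action="success"):
    """Build one constructed authentication event."""
    return {"time": NOW - timedelta(days=days_ago), "user": user,
            "src": src, "dest": dest, "action": action}

# Constructed authentication events (not real log data).
EVENTS = [
    ev(25, "netops", "10.0.5.10", "rtr-core-01"),
    ev(0.2, "netops", "10.0.5.10", "rtr-core-01"),             # in baseline: quiet
    ev(0.1, "jsmith", "10.0.9.44", "rtr-core-01", "failure"),  # never seen: new
    ev(0.3, "netops", "10.0.5.10", "rtr-edge-02"),             # new router for user
    ev(0.5, "jsmith", "10.0.9.44", "web-01"),                  # not a router: ignored
    ev(45, "backup", "10.0.5.20", "rtr-edge-02"),              # older than baseline
    ev(0.4, "backup", "10.0.5.20", "rtr-edge-02"),             # so this is new again
]

def new_router_logins(events, assets, now, baseline_days=30, window_hours=24):
    """Return (user, dest) pairs seen in the detection window but not in the
    preceding baseline, restricted to assets categorized as 'router'."""
    window_start = now - timedelta(hours=window_hours)
    baseline_start = now - timedelta(days=baseline_days)
    baseline, recent = set(), {}
    for e in events:
        # An uncategorized router is silently skipped here, which is why the
        # asset categorization is a prerequisite for the detection.
        if "router" not in assets.get(e["dest"], set()):
            continue
        key = (e["user"], e["dest"])
        if baseline_start <= e["time"] < window_start:
            baseline.add(key)
        elif window_start <= e["time"] <= now:
            recent.setdefault(key, []).append(e)
    return {
        key: {"count": len(hits),
              "sources": sorted({h["src"] for h in hits}),
              "actions": sorted({h["action"] for h in hits})}
        for key, hits in recent.items() if key not in baseline
    }

if __name__ == "__main__":
    for pair, info in sorted(new_router_logins(EVENTS, ASSETS, NOW).items()):
        print(pair, info)
```

Failed attempts are kept in the result because the detection is about login attempts, and a pair last seen more than 30 days ago is reported as new again.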
