Excessive Failed Logins

Description

Detects an excessive number of failed login attempts (this is likely a brute force attack).


Use Case

Security Monitoring, Compliance

Category

Lateral Movement, IAM Analytics

SPL Difficulty

Medium

Journey

Stage 2

MITRE ATT&CK Tactics

Credential Access

MITRE ATT&CK Techniques

Brute Force

MITRE Threat Groups

APT39
DarkVishnya
FIN5
OilRig
Turla

Data Sources

Authentication