Brute Force

Description

This threat is generated when a single account or multiple accounts have repeated login failures followed by malicious activity such as data movement or scanning activity.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Account Compromise, IAM Analytics

Alert Volume

Low (?)

SPL Difficulty

None

Journey

Stage 4

Data Sources

Windows Security
Audit Trail
Host-based IDS
Network Communication
Anti-Virus or Anti-Malware
Authentication
IDS or IPS
DLP
Email
Endpoint Detection and Response
Web Proxy