You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Detects multiple failed login attempts for the same username over a 1 hour timeframe. This is designed to catch attacks leveraging domain resources to attempt credential validation. The threshold and time frame can be adjusted based on the customer's environment.
Additional Details
Detail
Value
Type
Threshold
Category
Initial Access
Apply Risk to Entities
srcDevice_hostname, srcDevice_ip, user_username
Signal Name
Domain Brute Force Attempt
Summary Expression
Multiple failed login attempts for user: {{user_username}}