-
6 years, 1 month ago
jbillings commented on the post, Detect Username Guessing Brute Force Attacks
In reply to: DaveyBoy wrote a new post The below will detect a form of brute force which most will miss. Whereas other scripts detect multiple logins against a single account, they fail to detect 4 failed logins against 40 […] ViewI like it, but these are the modifications I made to resolve some issues I had and output more information about the accounts involved. Cleans up the time also.
sourcetype=wineventlog EventCode=4625 OR EventCode=4624
| bin _time span=5m as minute
| stats count(Keywords) as Attempts,
count(eval(match(Keywords,”Audit Failure”))) as…[Read more] -
6 years, 7 months ago
jbillings became a registered member
-
6 years, 7 months ago
jbillings became a registered member
