Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
1 Hour |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Analytics |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
A user account failed to log in to a VPN service multiple times in a short time period. This may indicate a brute-force attack.
Attacker's Goals
The attacker attempts to gain access to the accounts.
Investigative actions
Verify any successful connections by the user account referenced by the alert, as these can indicate the attacker managed to guess the credentials.