security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4486c3ffc9093efbea63500a52eee3d3dfe15055
blue-team-tools/rules/generic/generic_brute_force.yml
T
Yugoslavskiy Daniil 3376cf4dd8 fix some typos and remove redundand references
2019-10-29 01:40:06 +03:00

27 lines
627 B
YAML
Raw Blame History

title: Brute Force
description: Detects many authentication failures from one source to one destination which is may indicate Brute Force activity
references:
- None
tags:
- attack.t1110
author: Aleksandr Akhremchik, oscd.community
date: 2019/10/25
status: experimental
logsource:
category: authentication
detection:
selection:
action: failure
timeframe: 600s
condition: selection | count(category) by dst_ip > 30
fields:
- src_ip
- dst_ip
- user
falsepositives:
- Inventarization
- Penetration testing
- Vulnerability scanner
- Legitimate application
level: medium
Reference in New Issue View Git Blame Copy Permalink