valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6eea77ae38
SigmaHQ/rules/generic/generic_brute_force.yml
Mike Wade 52ab677798 Fixed my git issue
2020-09-13 22:03:04 -06:00

27 lines
696 B
YAML
Raw Blame History

title: Brute Force
id: 53c7cca0-2901-493a-95db-d00d6fcf0a37
status: experimental
description: Detects many authentication failures from one source to one destination which is may indicate Brute Force activity
author: Aleksandr Akhremchik, oscd.community
date: 2019/10/25
modified: 2020/09/01
logsource:
category: authentication
detection:
selection:
action: failure
timeframe: 600s
condition: selection | count(category) by dst_ip > 30
fields:
- src_ip
- dst_ip
- user
falsepositives:
- Inventarization
- Penetration testing
- Vulnerability scanner
- Legitimate application
level: medium
tags:
- attack.credential_access
- attack.t1110
Reference in New Issue View Git Blame Copy Permalink