valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7d437c2969
SigmaHQ/rules/generic/generic_brute_force.yml
Thomas Patzke 593abb1cce OSCD QA wave 3
2020-02-02 12:41:12 +01:00

26 lines
645 B
YAML
Raw Blame History

title: Brute Force
id: 53c7cca0-2901-493a-95db-d00d6fcf0a37
description: Detects many authentication failures from one source to one destination which is may indicate Brute Force activity
tags:
- attack.t1110
author: Aleksandr Akhremchik, oscd.community
date: 2019/10/25
status: experimental
logsource:
category: authentication
detection:
selection:
action: failure
timeframe: 600s
condition: selection | count(category) by dst_ip > 30
fields:
- src_ip
- dst_ip
- user
falsepositives:
- Inventarization
- Penetration testing
- Vulnerability scanner
- Legitimate application
level: medium
Reference in New Issue View Git Blame Copy Permalink