Brute Force Authentication
A Brute force alert typically indicates repetitive failed login attempts to one or many valid accounts. The analytics that produces these alerts aims to identify attackers trying to guess the correct password for a valid account. Modern authentication systems generally employ controls to prevent or limit password guessing, which has greatly reduced the number of actual brute force attacks in the wild. However, the prevalence of leaked user passwords and the value of obtaining access to a valid account means adversaries are encouraged to try this technique.
Get Runbook PDF