A brute force alert typically indicates repeated failed login attempts against one or many valid accounts. The analytics that produce these alerts aim to identify attackers trying to guess the correct password for a valid account. Modern authentication systems generally employ controls to prevent or limit password guessing, which has greatly reduced the number of actual brute force attacks in the wild. However, the prevalence of leaked user passwords and the value of access to a valid account mean adversaries still have reason to try this technique.
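As an added illustration (not Salem's own analytic), the sketch below shows the kind of logic behind such an alert: a sliding window that counts failures against one account and distinct accounts failed from one source, plus a check for a successful login during a burst, which is the case an analyst triages first. The log format, thresholds, alert names and sample events are all assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
ACCOUNT_FAILS = 5              # assumed threshold: failures against one account
SOURCE_ACCOUNTS = 4            # assumed threshold: distinct accounts failed from one source

# Constructed sample log: timestamp, source IP, account, outcome
SAMPLE = """\
2024-05-01T09:00:00 203.0.113.7 alice FAIL
2024-05-01T09:00:20 203.0.113.7 alice FAIL
2024-05-01T09:00:40 203.0.113.7 alice FAIL
2024-05-01T09:01:00 203.0.113.7 alice FAIL
2024-05-01T09:01:20 203.0.113.7 alice FAIL
2024-05-01T09:02:00 203.0.113.7 alice OK
2024-05-01T09:10:00 198.51.100.9 bob FAIL
2024-05-01T09:10:05 198.51.100.9 carol FAIL
2024-05-01T09:10:10 198.51.100.9 dave FAIL
2024-05-01T09:10:15 198.51.100.9 erin FAIL
2024-05-01T09:20:00 192.0.2.4 frank FAIL
2024-05-01T09:20:30 192.0.2.4 frank OK
""".splitlines()

def detect(lines):
    """Return (alert_type, subject) tuples in the order they fire."""
    by_user = defaultdict(deque)  # account -> timestamps of recent failures
    by_src = defaultdict(deque)   # source  -> (timestamp, account) of recent failures
    alerts = []
    events = sorted((datetime.fromisoformat(t), s, u, o)
                    for t, s, u, o in (line.split() for line in lines))
    for ts, src, user, outcome in events:
        while by_user[user] and ts - by_user[user][0] > WINDOW:  # expire old failures
            by_user[user].popleft()
        while by_src[src] and ts - by_src[src][0][0] > WINDOW:
            by_src[src].popleft()
        if outcome == "FAIL":
            by_user[user].append(ts)
            by_src[src].append((ts, user))
            checks = ((len(by_user[user]) >= ACCOUNT_FAILS, ("single_account", user)),
                      (len({u for _, u in by_src[src]}) >= SOURCE_ACCOUNTS, ("many_accounts", src)))
            # Alert once per subject instead of on every further failure.
            alerts += [a for hit, a in checks if hit and a not in alerts]
        elif len(by_user[user]) >= ACCOUNT_FAILS:  # success inside a failure burst
            alerts.append(("success_after_burst", user))
            by_user[user].clear()
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

The single mistyped password followed by a success (frank) raises nothing, while the burst against alice that ends in a successful login is reported separately from the burst itself.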
Use our new community tool, Salem Studio, to investigate, contextualize and document brute force authentication cyber alerts.