Syslog, Authentication Failure On Device

Login Failures

A large number of failed login attempts in a short timeframe can be a key indicator of a brute force attack. This rule fires when a device's syslog has received a message containing "authentication failure" within the last five minutes. Note that the query below matches on any single such message; it does not count attempts, so one mistyped password is enough to raise the alert.

Configuration

severity: critical

Rule Query

```sql
SELECT * FROM devices,syslog WHERE (devices.device_id = ? AND devices.device_id = syslog.device_id) AND syslog.timestamp >= macros.past_5m AND syslog.msg REGEXP ".*authentication failure.*"
```
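Because the rule above returns a row as soon as one matching syslog line exists in the window, a single failed login on a device raises a critical alert. The variant below is an added example, not a rule from the LibreNMS collection, that only returns rows once the number of matching messages in the window reaches a threshold. It assumes the alert engine runs the rule as plain MySQL/MariaDB SQL with `?` replaced by the device being checked and `macros.past_5m` expanded to a timestamp five minutes in the past; `devices.hostname` is assumed to exist alongside the columns used on this page, and the threshold of 10 is an arbitrary example value.

```sql
-- Added example: threshold-based variant of the authentication failure rule.
-- Assumptions: `?` is substituted with the device_id under test, macros.past_5m
-- expands to a timestamp five minutes ago, and 10 is an example threshold.
SELECT devices.device_id,
       devices.hostname,
       COUNT(*)              AS failures,
       MIN(syslog.timestamp) AS first_seen,
       MAX(syslog.timestamp) AS last_seen
FROM devices
JOIN syslog ON syslog.device_id = devices.device_id
WHERE devices.device_id = ?
  AND syslog.timestamp >= macros.past_5m
  -- REGEXP is unanchored, so the leading/trailing .* of the original are not needed
  AND syslog.msg REGEXP 'authentication failure'
GROUP BY devices.device_id, devices.hostname
HAVING COUNT(*) >= 10;
```

To try the query by hand outside the alert engine, substitute a concrete device_id for `?` and replace `macros.past_5m` with an equivalent expression such as `DATE_SUB(NOW(), INTERVAL 5 MINUTE)`. The aggregate columns give the alert template the count and the time span of the burst, which is more useful in a notification than the raw rows returned by `SELECT *`.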


Last modified December 21, 2023