Brute Force Attempt

high

new

ALERT-5671•Firewall•Created on 3/21/2023, 10:15:00 AM

Assigned to:

MBMuath Al Badi

Alert Details

Information about this security alert

Description

Multiple failed login attempts detected from various IP addresses targeting user account ahmed.albalushi@example.com.

Detection Rule

Multiple Failed Authentication Attempts

Source IP

192.168.1.100

Destination IP

10.0.0.5

Affected User

ahmed.albalushi@example.com

Affected System

Authentication Server

MITRE ATT&CK

Tactic: Initial Access

Technique: T1110 - Brute Force

Related Alerts

Multiple Failed Login Attempts

ALERT-5674 • Authentication Server

medium

Unauthorized Access Attempt

ALERT-5671 • Firewall

high

Created

3/21/2023, 10:15:00 AM

Source

Firewall

Discussion

Collaborate with your team on this alert

Ahmed Al Balushi3/20/2023, 3:30:00 PM

I've started investigating this case. Initial findings suggest this might be related to a compromised account.

Fatima Al Zeedi3/20/2023, 4:45:00 PM

I've checked the logs and found multiple failed login attempts from different IP addresses before the successful login.

Ahmed Al Balushi3/20/2023, 5:15:00 PM

Good catch. Let's implement a temporary block on the account and notify the user.

Actions

Available actions for this alert

Tasks

Action items for this alert

Analyze suspicious login attempts

high

Due 4/5/2023

Review logs and identify patterns in the login attempts

ABAhmed Al Balushi

Block compromised account

critical

Due 4/3/2023

Temporarily block the affected user account

FZFatima Al Zeedi

Notify affected user

medium

Due 4/6/2023

Contact the user about the suspicious activity

MFMohammed Al Farsi

Update security policies

low

Due 4/10/2023

Review and update relevant security policies

SBSara Al Balushi

Brute Force Attempt

Description

Category

Detection Rule

Source IP

Destination IP

Affected User

Affected System

MITRE ATT&CK

Related Alerts

Created

Source