Hi Jeff,
I checked in with one of our Sonar experts and here is his insight:
The "Brute Force Login Attacks" model aims to detect attempts to access account via brute force attacks.
It is a model based alert, so there is no specific threshold of failed logins. The models learns the failed login behavior or each user on a particular server and assigns a statistical score ( z-score ) to the failed login attempts. In other words, it detects statistical jumps or anomalies in the failed login attempts for each user.
The alerting scores are configurable, but the defaults is a z-score of 3, the industry standard for Outlier activity.More information in the online documentation: https://sonargdocs.jsonar.com/latest/en/user-entity-and-behavior-analysis--ueba-.html#ueba-overview
I hope this helps!
Thanks,
------------------------------
Sarah Lamont(csp)
Digital Community Manager
------------------------------
Original Message:
Sent: 12-17-2021 21:02
From: jeff gao
Subject: About jSonar "Brute Force Login Attacks"
Hi Team
jSonar "Brute Force Login Attacks Dashboard" has display some event and dashboard,The corresponding Exception Type ID is "LOGIN_FAILED".
so,how many "LOGIN_FAILED" as once brute force login attacks and how to see the the number of times setting of brute force login attacks.
Thanks!
#jSonar
------------------------------
jeff gao
Secure Engineer
Shanghai
------------------------------