Imperva Cyber Community

 View Only
  • 1.  About jSonar "Brute Force Login Attacks"

    Posted 12-17-2021 21:02
    Hi Team

    jSonar "Brute Force Login Attacks Dashboard" has display some event and dashboard,The corresponding Exception Type ID is "LOGIN_FAILED".
    so,how many "LOGIN_FAILED" as once brute force login attacks and how to see the the number of times setting of brute force login attacks.

    Thanks!

    #jSonar

    ------------------------------
    jeff gao
    Secure Engineer
    Shanghai
    ------------------------------


  • 2.  RE: About jSonar "Brute Force Login Attacks"

    Posted 12-22-2021 11:17

    Hi Jeff,

    I checked in with one of our Sonar experts and here is his insight:

    The "Brute Force Login Attacks" model aims to detect attempts to access account via brute force attacks.

    It is a model based alert, so there is no specific threshold of failed logins. The models learns the failed login behavior or each user on a particular server and assigns a statistical score ( z-score ) to the failed login attempts. In other words, it detects statistical jumps or anomalies in the failed login attempts for each user.

    The alerting scores are configurable, but the defaults is  a z-score of 3, the industry standard for Outlier activity.More information in the online documentation:  https://sonargdocs.jsonar.com/latest/en/user-entity-and-behavior-analysis--ueba-.html#ueba-overview

    I hope this helps!

    Thanks,



    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------