Brute Force

The Brute Force Detector identifies instances where a threat actor has attempted to break into an Active Directory environment by repeatedly trying different passwords, in the hope that eventually a correct combination is found. The Brute Force Detector processes streams of auth events and creates an alert when there is a particular sequence of auth failures followed by a successful logon within a small time window.
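The sequence described above (a run of auth failures followed by a successful logon inside a short window), as an added Python example; it is not Taegis™ XDR's own detector logic. The threshold of 5 failures, the 10-minute window, grouping by target user and source address, and the event tuple layout are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning for this example; the page does not state the detector's real values.
MIN_FAILURES = 5
WINDOW = timedelta(minutes=10)
T0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed start time

def ev(offset_s, user, source, outcome):
    """Build one constructed auth event: (time, target user, source address, outcome)."""
    return (T0 + timedelta(seconds=offset_s), user, source, outcome)

SAMPLE_EVENTS = (
    # 6 rapid failures, then a success: matches the sequence.
    [ev(10 * i, "alice", "192.0.2.10", "failure") for i in range(6)]
    + [ev(70, "alice", "192.0.2.10", "success")]
    # 2 failures, then a success (mistyped password): below the threshold.
    + [ev(5 * i, "bob", "192.0.2.20", "failure") for i in range(2)]
    + [ev(15, "bob", "192.0.2.20", "success")]
    # 5 failures 13 minutes apart, then a success: never 5 inside one window.
    + [ev(780 * i, "carol", "192.0.2.30", "failure") for i in range(5)]
    + [ev(3900, "carol", "192.0.2.30", "success")]
    # 8 failures and no success: no alert, since the sequence needs a logon.
    + [ev(3 * i, "dave", "192.0.2.40", "failure") for i in range(8)]
)

def detect_brute_force(events, min_failures=MIN_FAILURES, window=WINDOW):
    """Return one alert per success preceded by >= min_failures failures in window."""
    failures = defaultdict(deque)  # (user, source) -> times of recent failures
    alerts = []
    for ts, user, source, outcome in sorted(events):
        recent = failures[(user, source)]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if outcome == "failure":
            recent.append(ts)
        elif outcome == "success":
            if len(recent) >= min_failures:
                alerts.append({"time": ts, "user": user, "source": source,
                               "failures": len(recent)})
            recent.clear()  # a successful logon ends the current sequence
    return alerts

if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_EVENTS):
        print(alert)
```

Only the `alice` sequence alerts with these assumed settings; the `dave` events show why a failures-only burst does not match the sequence.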

Brute Force Detector

Note

The Login Failure Detector is no longer available in Taegis™ XDR and has been superseded by the Brute Force Detector.

Schema

Auth

Outputs

Alerts pushed to the Taegis™ XDR Alert Database and Taegis™ XDR Dashboard.

MITRE ATT&CK Category

Configuration Options

None
