Forum Discussion
Steffen Siguda
Jan 17, 2018, Copper Contributor
Could ATP identify Brute Force attempts?
Our auditors request a detection capability for brute force attempts (even if this is unlikely with a ten char complex password), so I tried to simulate this but ATP did not identify any suspicious ac...
Gerson Levitz
Jan 17, 2018, Iron Contributor
Hi Steffen,
Had the Administrator user logged in successfully from the machine you were running the script on?
If your script is using the same password all the time for the same user, I do not think this is really considered a brute-force.
There are two flavors of brute-force detection.
Steffen Siguda
Jan 18, 2018, Copper Contributor
Hi Gerson,
The script uses 100 different passwords to connect. I re-ran it after successfully logging in with the account first, but there is no event triggered. I also tried multiple wrong passwords in an RDP session; maybe the trigger is very relaxed and will only identify a real machine-based Brute Force attack. I'll need to get a test tool I suppose.
- Gerson Levitz, Jan 18, 2018, Iron Contributor
Hi Steffen,
Can you try using a user account that has not successfully logged into the machine that you are running the script on?
Can you also increase the password count a little?
Thanks
Gershon
- Steffen Siguda, Jan 22, 2018, Copper Contributor
Hi Gershon,
I tried with another account and a larger number of attacks - still no alerts generated. Do you have any suggestion for a real brute-force tool to see if it's possible to generate an alert at all?
Best regards
Steffen