Forum Discussion

Steffen Siguda's avatar
Steffen Siguda
Copper Contributor
Jan 17, 2018

Could ATP identify Brute Force attempts?

Our auditors request a detection capability for brute force attemps (even if this is unlikely with a ten char complex password), so I tried to simulate this but ATP did not identify any suspicious ac...
Steffen Siguda's avatar
Steffen Siguda
Copper Contributor

Hi Gerson,

 

the script uses 100 different passwords to connect. I re-run it after successfully logging in with the account first, but there is no event triggered. I also tried multiple wrong passwords in a RDP session, maybe the trigger is very relaxed and will only identify a real machine-based Brute Force attack. I'll need to get a test tool I suppose.

 

 

Gerson Levitz's avatar
Gerson Levitz
Iron Contributor
Jan 18, 2018

Hi Steffen, 

 

Can you try using a user account that has not successfully logged into the machine that you are running the script? 

 

Can you also increase the password count a little? 

 

Thanks

Gershon

  • Steffen Siguda's avatar
    Steffen Siguda
    Copper Contributor
    Jan 22, 2018

    Hi Gershon,

     

    I tried with another account and a larger number of attacks - still no alerts generated. Do you have any suggestion for a real brute-force tool to see if it's possible to generate an alert at all?

     

    Best regards

    Steffen

Resources