For Excessive SMB login attempts we have Allowed Failures-10 and for Excessive Login Attempts we have Threshold-20 to trigger alert.
May I know what is the time duration to have such failure attempts as I don't see any time threshold ? If there is any time threshold can we modify as per our requirements to fine tune this alert.
I got an answer so would like to update here. The time duration for both Excessive SMB login attempts and Excessive Login Attempts is 1 min each and it can't be modified.
1 best response
Accepted Solutions
best response confirmed by
Haaris_Faizan (Brass Contributor)
I got an answer so would like to update here. The time duration for both Excessive SMB login attempts and Excessive Login Attempts is 1 min each and it can't be modified.