cs-christopher-carsey/solution-pack-brute-force-attack-response

 
 

Release Information

  • Version: 1.0.0
  • Certified: No
  • Publisher: Fortinet
  • Compatible Version: FortiSOAR v7.2.0 and above

Overview

The Brute Force Attack Response Solution Pack investigates login failures and identifies other impacted assets that have been targeted by brute force attempts from the same attack source.

You can configure ingestion using connectors such as FortiSIEM and Syslog. The ingestion process creates an alert of type Brute Force Attempts and then triggers the response workflow.

The use case covers a typical multiple-login-failure scenario on an asset exposed to the internet.

  • Fields of interest (Source and Destination IP address) are extracted as indicators and enriched
  • The playbook — Investigate Brute Force Attempt — illustrates a step-by-step response plan
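The pivot described above (extract source and destination IPs from failed logins, raise an alert, then look for other assets hit by the same source) can be sketched as follows. This is an added example, not code from the solution pack or from FortiSOAR; the log format, the threshold of 5, and every field name except the alert type "Brute Force Attempts" are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sshd-style syslog sample. Assumption: the syslog host field
# carries the destination asset's IP. All addresses are illustrative.
_T = "Jan 10 03:14:{:02d} {} sshd[811]: {} password for {} from {} port 50122 ssh2"
SAMPLE_LOGS = (
    [_T.format(i, "10.0.0.5", "Failed", "root", "203.0.113.7") for i in range(5)]
    + [_T.format(10 + i, "10.0.0.9", "Failed", "invalid user admin", "203.0.113.7")
       for i in range(2)]
    + [_T.format(20, "10.0.0.12", "Failed", "root", "203.0.113.7"),
       _T.format(30, "10.0.0.5", "Failed", "alice", "198.51.100.20"),  # one-off typo
       _T.format(31, "10.0.0.5", "Accepted", "alice", "198.51.100.20")]
)

FAILED_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<dst>\S+)\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def parse_failures(lines):
    """Return (source_ip, destination_ip, user) for each failed-login line."""
    hits = (FAILED_RE.match(line) for line in lines)
    return [(m["src"], m["dst"], m["user"]) for m in hits if m]

def build_alerts(lines, threshold=5):
    """One alert per (source, destination) pair at or above the threshold,
    plus every other asset the same source failed to log in to."""
    per_pair = Counter()
    targets = defaultdict(set)
    for src, dst, _user in parse_failures(lines):
        per_pair[(src, dst)] += 1
        targets[src].add(dst)
    alerts = []
    for (src, dst), count in sorted(per_pair.items()):
        if count >= threshold:
            alerts.append({
                "type": "Brute Force Attempts",   # alert type named on this page
                "source_ip": src,                 # hypothetical field names
                "destination_ip": dst,
                "failed_logins": count,
                "other_impacted_assets": sorted(targets[src] - {dst}),
            })
    return alerts

if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_LOGS):
        print(alert)
```

Assets that stay below the alert threshold still appear under `other_impacted_assets`, which is the point of pivoting on the source: low-volume attempts against neighbouring hosts would otherwise go unreported.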

Next Steps

  • Installation
  • Configuration
  • Usage
  • Contents
