Anomalous amount of failed sign-in attempts by 1Password user
Set up the 1Password integration.
Goal
Detect failed sign-in attempts from a 1Password user.
Strategy
This rule monitors 1Password logs to identify when a user generates an anomalous number of failed sign-in events.
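The sketch below is an added example, not the rule's own implementation. It counts events matching evt.outcome:*failed* per user and flags a user whose current-hour count exceeds their own baseline, returning the source IPs needed for triage. The hourly bucket, 24-hour lookback, median + k*MAD threshold, nested field layout, and sample outcome values are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatch
from statistics import median

HOUR = 3600  # assumed bucket size; the page does not state the rule's window
NOW = datetime(2024, 5, 1, 12, 30, tzinfo=timezone.utc)  # constructed reference time

def failures_by_user(events):
    """Count events matching @evt.outcome:*failed* per user and hour bucket."""
    counts, ips = defaultdict(Counter), defaultdict(set)
    for e in events:
        if not fnmatch(e["evt"]["outcome"], "*failed*"):
            continue
        ts = int(datetime.fromisoformat(e["timestamp"]).timestamp())
        email, bucket = e["usr"]["email"], ts - ts % HOUR
        counts[email][bucket] += 1
        ips[email, bucket].add(e["network"]["client"]["ip"])
    return counts, ips

def anomalous_users(events, now, lookback=24, k=3.0, floor=5):
    """Flag users whose failures this hour exceed their own median + k*MAD."""
    counts, ips = failures_by_user(events)
    now_b = int(now.timestamp()) // HOUR * HOUR
    findings = []
    for email, per_bucket in counts.items():
        current = per_bucket[now_b]  # Counter returns 0 for quiet hours
        history = [per_bucket[now_b - i * HOUR] for i in range(1, lookback + 1)]
        med = median(history)
        mad = median(abs(n - med) for n in history)
        if current >= floor and current > med + k * max(mad, 1):
            findings.append({"usr.email": email, "failed": current, "baseline": med,
                             "network.client.ip": sorted(ips[email, now_b])})
    return findings

def sample_events(now):
    """Constructed sample data, not real 1Password logs."""
    def ev(email, outcome, ip, minutes_ago):
        ts = (now - timedelta(minutes=minutes_ago)).isoformat()
        return {"timestamp": ts, "usr": {"email": email},
                "evt": {"outcome": outcome}, "network": {"client": {"ip": ip}}}
    alice, home = "alice@example.com", "198.51.100.7"
    events = [ev(alice, "credentials_failed", home, 60 * h + 5) for h in (3, 9, 20)]
    events += [ev(alice, "credentials_failed", "203.0.113.50", m) for m in range(1, 13)]
    events += [ev(alice, "success", home, 90), ev("bob@example.com", "mfa_failed", "198.51.100.9", 10)]
    return events

if __name__ == "__main__":
    for finding in anomalous_users(sample_events(NOW), NOW):
        print(finding)
```

The floor parameter keeps a user with a near-zero baseline from alerting on one or two mistyped passwords.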
Triage and response
Investigate and determine if user {{@usr.email}} with failed sign-in events {{@evt.outcome}}, attempting to authenticate from IP address {{@network.client.ip}}, should have access.
Changelog
Updated query by replacing @evt.category:*failed* with @evt.outcome:*failed*.