Anomalous amount of failed sign-in attempts by 1Password user
Set up the 1password integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect failed sign-in attempts from a 1Password user.
Strategy
This rule monitors 1Password logs to identify when an user generates an anomalous amount of failed sign-in events.
Triage and response
Investigate and determine if user {{@usr.email}}
with failed sign-in events {{@evt.outcome}}
, attempting to authenticate from IP address {{@network.client.ip}}
should have access.
Changelog
Updated query by replacing @evt.category:*failed*
with @evt.outcome:*failed*
.