Salesforce Brute force attack on user
Set up the salesforce integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect a brute force attack on a Salesforce user.
Strategy
To determine a successful attempt: Detect when the same user fails to login five times and then successfully logs in. This generates a MEDIUM
severity signal.
To determine an unsuccessful attempt: Detect when the same user fails to login ten times. This generates an INFO
severity signal.
Triage and response
- Inspect the logs to see if this was a valid login attempt.
- See if 2FA was authenticated.
- If the user was compromised, rotate user credentials.