PingFederate Audit Alert: multiple failed sso login attempts in a short time period
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect an unusually high number of failed SSO login attempts.
Strategy
Monitor PingFederate logs where a user generates a high number of failed SSO login requests within a short period. This detection rule aims to identify potential threats early, allowing for timely investigation and mitigation to protect server resources and maintain service availability.
Triage and response
- Analyze the pattern and volume of requests to distinguish between legitimate traffic and potential attacks.
- Investigate the IP
{{@network.client.ip}}
to determine if the activity is malicious. - Implement immediate measures to block or limit the impact of the suspicious activity if confirmed as a threat.