HIDS 2502

From Atomicorp Wiki
Revision as of 12:16, 16 July 2014 by Ben (Talk | contribs)

Rule: 2502
Status: Active
Alert Message: User missed the password more than one time


Description

This means that an application on the system has reported to ASL that a user has failed to authenticate multiple times. The exact number of failures required to trigger this depends on the application and is not controlled by ASL. ASL is simply alerting that an application has reported that it has experienced multiple authentication failures for a user.

You should investigate this event as it may be part of a broader attack.
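
One way to triage this alert, added here as an example and not part of ASL or this wiki: it assumes the reporting application is sshd using PAM, whose "PAM N more authentication failures" syslog message is one common form of such a report, and groups those reports by source host. The log lines, host names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from a real host); the addresses are
# from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jul 16 12:01:07 web1 sshd[4121]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Jul 16 12:01:19 web1 sshd[4130]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=admin
Jul 16 12:02:44 web1 sshd[4177]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.23  user=alice
Jul 16 12:03:30 web1 sshd[4201]: Accepted publickey for alice from 198.51.100.23 port 50514 ssh2
"""

# Assumed message shape: the count, then key=value fields ending in rhost= and
# an optional user=. Either field may be empty or absent.
PAM_RE = re.compile(
    r"PAM (?P<count>\d+) more authentication failures?; "
    r".*?\brhost=(?P<rhost>\S*)(?:\s+user=(?P<user>\S+))?"
)

def triage(log_text):
    """Group application-reported repeated failures by source host."""
    by_host = defaultdict(lambda: {"failures": 0, "users": set(), "events": 0})
    for line in log_text.splitlines():
        m = PAM_RE.search(line)
        if not m:
            continue  # not a repeated-failure report
        entry = by_host[m.group("rhost") or "(local)"]
        entry["failures"] += int(m.group("count"))  # count as reported by PAM
        entry["users"].add(m.group("user") or "(unknown)")
        entry["events"] += 1
    return dict(by_host)

def suspicious_hosts(summary, min_users=2):
    """A host failing against several accounts looks like guessing, not a typo."""
    return sorted(h for h, e in summary.items() if len(e["users"]) >= min_users)

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for host in suspicious_hosts(summary):
        e = summary[host]
        print(host, e["failures"], "reported failures across", sorted(e["users"]))
```
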


Troubleshooting

False Positives

No false positives are known to exist for this rule. The event is not caused by ASL; rather, the application reports to ASL that it has experienced multiple authentication failures for a user. If your application is incorrectly reporting this, please report the issue to the application vendor. If ASL is incorrectly reporting an event (that is, the application is not reporting multiple authentication failures), please let us know.

Additional Information

Similar Rules

Knowledge Base Articles

None.
