Analytics Alerts

Browse the Cortex analytics alert reference.

Severity
Detection module
Data source

1 alert match the current filters. tactic: TA0008 ✕ technique: T1110 ✕

Show ATT&CK heatmap
  • Possible Brute-Force attempt Informational Identity Analytics 2 variations

    This may indicate a brute-force attack.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    15 Minutes
    Deduplication:
    1 Day
    ATT&CK tactics: Credential Access (TA0006) Lateral Movement (TA0008)
    ATT&CK techniques: Brute Force (T1110) Remote Services (T1021)
    Required data: XDR Agent
    Attacker's goals: The attacker attempts to gain access to the accounts.
    Investigative actions: Verify any successful authentication by the user account referenced by the alert, as these can indicate the attacker managed to guess the credentials.

    Variations

    Possible Brute-Force attempt on a Honey User Account

    Medium overridden

    This may indicate a brute-force attack. overridden

    Possible Brute-Force attempt with a successful login and suspicious characteristics

    Low overridden

    This may indicate a brute-force attack. overridden