Detects multiple failed logins by the same user in Claroty SRA event logs. The rule looks for failed Login to SRA events, extracts the source username from the event message, and alerts when a user exceeds 5 failed logins within 5 minutes.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Claroty |
| ID | 4b5bb3fc-c690-4f54-9a74-016213d699b4 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | CredentialAccess, InitialAccess |
| Techniques | T1110, T1190, T1133 |
| Required Connectors | CefAma |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| CommonSecurityLog | DeviceVendor == "Claroty" | ✓ | ✓ | ✓ |