Brute force attack against user credentials

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies evidence of brute force activity against a user based on multiple authentication failures and at least one successful authentication within a given time window. This query limits IPAddresses to 100 and may not potentially cover all IPAddresses. The default failure threshold is 10, success threshold is 1, and the default time window is 20 minutes.

Attribute	Value
Type	Analytic Rule
Solution	Salesforce Service Cloud
ID	5a6ce089-e756-40fb-b022-c8e8864a973a
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	CredentialAccess
Techniques	T1110
Required Connectors	SalesforceServiceCloudCCPDefinition
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
SalesforceServiceCloudV2_CL	?	✓	?
SalesforceServiceCloud_CL 🔶	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Salesforce Service Cloud