Excessive number of HTTP authentication failures from a source (ASIM Web Session schema)


This rule identifies a source that repeatedly fails to authenticate to a web service (HTTP response code 403). This may indicate a brute force or credential stuffing attack. This rule uses the Advanced Security Information Model (ASIM) and supports any web session source that complies with ASIM.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | a1bddaf8-982b-4089-ba9e-6590dfcf80ea |
| Severity | Low |
| Kind | Scheduled |
| Tactics | Persistence, CredentialAccess |
| Techniques | T1110, T1556 |
| Required Connectors | SquidProxy, Zscaler |
| Source | View on GitHub |
