VMware Edge Cloud Orchestrator - High number of login failures from a source IP address



This query identifies repeated authentication attempts (5 or more) from a single source IP address. These could come from failed automation or service accounts; however, the events are worth investigating.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | VMware SASE |
| ID | c514ecc9-fa74-4977-976b-847895ee7e71 |
| Severity | Medium |
| Tactics | CredentialAccess, InitialAccess |
| Techniques | T1078 |
| Required Connectors | VMwareSDWAN |
| Source | View on GitHub |
