alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "[PALO-ALTO] NTLM Authentication Brute Force - [25/1]"; content: "NTLM authentication failed for user"; after: track by_src, count 15, seconds 300; threshold: type limit, track by_src, count 1, seconds 86400; flowbits: set,brute_force,21600; parse_src_ip: 1; classtype: unsuccessful-user; reference: url,; sid: 5002588; rev: 2;)

-- Main.Sagan-Wiki-Add - 2016-8-30

New revisions of 5002588 will be below...

Topic revision: r1 - 2016-08-30 - Sagan-Wiki-Add
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback