Hello,
I want to customize the MS.SQL.Login.Brute.Force signature to adjust the frecuency. The standard signature fires when 5 MS SQL login failures within a short period of time 1 second between a unique pair of hosts. I know that I have to create a custom signature, but I don't know as I have to find the pattern...
I have started with this rule...
F-SBID( --attack_id 7171; --name "My.MS.SQL.Login.Brute.Force"; --protocol TCP; --dst_port 1433; --flow from_client; --rate 5,1800; --track SRC_IP ; )
Somebody can help me, please?
Thanks
Hello,
try Rate Based Signature Feature "MySQL.Login.Brute.Force" there you can set threshhold and duration.
Regards
sudo apt-get-rekt
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.