Changed multiple failed login alert from 25 to 5 to more accurately reflect password spray attack evidence

Joshua Wright
2019-12-24 11:09:45 -05:00
parent 5c0c972328
commit 7294cc4181


@ -46,7 +46,7 @@ function Main {
#"Processing the " + $logname + " log..." #"Processing the " + $logname + " log..."
$filter=Create-Filter $file $logname $filter=Create-Filter $file $logname
# Passworg guessing/spraying variables: # Passworg guessing/spraying variables:
$maxfailedlogons=25 # Alert after this many failed logons $maxfailedlogons=5 # Alert after this many failed logons
$failedlogons=@{} # HashTable of failed logons per user $failedlogons=@{} # HashTable of failed logons per user
$totalfailedlogons=0 # Total number of failed logons (for all accounts) $totalfailedlogons=0 # Total number of failed logons (for all accounts)
$totalfailedaccounts=0 # Total number of accounts with a failed logon $totalfailedaccounts=0 # Total number of accounts with a failed logon
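Review bot: The comment on `$maxfailedlogons=5` does not say whether the threshold is applied per account or to the total, or over what time span the failures are counted, and at a value this low that decides how noisy the alert is. Main's body continues outside the hunk, so the comparison itself is not visible here. If the count runs over the whole log with no time window, ordinary mistyped passwords will probably exceed 5 on long-lived logs, while a spray that makes only a few attempts per account would presumably be caught only by the totals in `$totalfailedlogons` / `$totalfailedaccounts`. I would document that on the line, e.g. `$maxfailedlogons=5 # Alert after this many failed logons (counted over the whole log, no time window; low value favours spray detection over false positives)`, and consider exposing the value as a script parameter so analysts can tune it per environment. The heading comment above it also carries a typo and should read `# Password guessing/spraying variables:`.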