Update PulseConnectSecureVPN-PasswordSpray.yaml
Updating the name and description of the query.
This commit is contained in:
Родитель
da7ad0bfdf
Коммит
62d305b6cd
|
@ -1,8 +1,7 @@
|
|||
id: 1fa1528e-f746-4794-8a41-14827f4cb798
|
||||
name: PulseConnectSecure - Potential Password Spray Attempts
|
||||
name: PulseConnectSecure - Large Number of Distinct Failed User Logins
|
||||
description: |
|
||||
'This query identifies evidence of potential password spray activity against the Pulse Secure VPN server,
|
||||
by looking for failures from multiple accounts, originating from the same host within a time window'
|
||||
'This query identifies evidence of failed login attempts from a large number of distinct users on a Pulse Connect Secure VPN server'
|
||||
severity: Medium
|
||||
requiredDataConnectors:
|
||||
- connectorId: PulseConnectSecure
|
||||
|
|
Загрузка…
Ссылка в новой задаче