General #1222

Closed

Asia Cyber Security Service Portal (ACSSP) 【Reply in Jira】[INCGC-15458]-Low-Windows Bruteforce Attempt Detected

Added by 益利 周 25 days ago. Updated 13 days ago.

Status: Closed
Priority: Normal
Assignee:
Category: -
Start date: 2025-12-31
Due date:
% Done: 100%
Estimated time: 2:00 hours

Description


Analysis: The alert indicates a brute-force style authentication attempt targeting user A40008 from workstation YILANA40008 via the domain controller YILAND-SRV.YILAND1.COM.TW, which was blocked by the security system. Since the action is BLOCK and the description shows a Status OK, there were no successful logins.

Recommendations:

1. Investigate the time-of-day restrictions configured for the user to confirm whether the login attempt was legitimate and aligned with the user's allowed login times.

2. Review the account activity of the user to check for any successful logins or suspicious behavior.

3. Implement account lockout policies after a certain number of failed login attempts to prevent passwords from being guessed.

4. Review account policies to confirm and reinforce time-of-day restrictions.
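
One way to carry out the four checks above from an administrative workstation, as an added example that is not part of the original ticket. It assumes the RSAT ActiveDirectory module, permission to read the Security log on the domain controller named in the alert, logon auditing enabled there, and a 7-day look-back window chosen only for illustration.

```powershell
# Added example: read-only triage for the four recommendations above.
# Assumptions: RSAT ActiveDirectory module; rights to read the DC Security log;
# logon auditing enabled on the DC; the 7-day look-back is an arbitrary choice.
Import-Module ActiveDirectory
$User  = 'A40008'                      # account named in the alert
$DC    = 'YILAND-SRV.YILAND1.COM.TW'   # domain controller named in the alert
$Since = (Get-Date).AddDays(-7)

# Recommendations 1 and 4: decode the account's logon-hours restriction.
# logonHours is 21 bytes (7 days x 24 one-hour bits, in UTC); null = unrestricted.
$ad = Get-ADUser -Identity $User -Server $DC -Properties logonHours, LockedOut, BadLogonCount, LastBadPasswordAttempt
if ($null -eq $ad.logonHours) {
    'No logon-hours restriction is set on this account.'
} else {
    $days = 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'
    for ($d = 0; $d -lt 7; $d++) {
        $bits = for ($h = 0; $h -lt 24; $h++) {
            $byte = $ad.logonHours[$d * 3 + [int][math]::Floor($h / 8)]
            if ($byte -band (1 -shl ($h % 8))) { '1' } else { '.' }
        }
        '{0} UTC hours 00-23: {1}' -f $days[$d], (-join $bits)
    }
}
$ad | Format-List LockedOut, BadLogonCount, LastBadPasswordAttempt

# Recommendation 2: successful (4624) and failed (4625) logons for the account.
# On 4625, SubStatus 0xC000006F = outside allowed hours, 0xC000006A = bad password.
$events = Get-WinEvent -ComputerName $DC -FilterHashtable @{
    LogName = 'Security'; Id = 4624, 4625; StartTime = $Since
} | ForEach-Object {
    $x = [xml]$_.ToXml()
    $f = @{}
    foreach ($n in $x.Event.EventData.Data) { $f[$n.Name] = $n.'#text' }
    if ($f.TargetUserName -eq $User) {
        [pscustomobject]@{
            Time = $_.TimeCreated; Id = $_.Id; Workstation = $f.WorkstationName
            SourceIp = $f.IpAddress; Status = $f.Status; SubStatus = $f.SubStatus
        }
    }
}
$events | Sort-Object Time | Format-Table -AutoSize

# Recommendation 3: a LockoutThreshold of 0 means accounts are never locked out.
Get-ADDefaultDomainPasswordPolicy -Server $DC |
    Format-List LockoutThreshold, LockoutDuration, LockoutObservationWindow
```

BadLogonCount and LastBadPasswordAttempt are tracked per domain controller, so repeat the query against each DC that may have handled the attempts.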

