Rules

Secret ingredients to quality software

Edit
Info

Do you monitor failed login attempts?

Last updated by Tiago Araújo [SSW] on 27 Feb 2021 02:42 am (2 months ago) See History

It is important to monitor failed login attempts to determine if you are being attacked from an external source or are having failed attempts from users within your organization. This can be achieved with Passive Whats Up Gold Monitor.

failed login whatsup gold 1
Figure: This Passive Monitor can then be applied to your Servers

failed login whatsup gold 2
Figure: Good example - This Passive Monitor will then record failed login attempts

It is important to also ensure that you have "Audit logon events" Group Policy applied to servers for source information on the login.

See: Do you use Group Policy to enable auditing of logon attempts?

Steven AndrewsSteven Andrews

We open source. This page is on GitHub