Repeated failed login attempts by a user for Check Point

Vendor

Check Point

Description

Alert if a user is repeatedly trying to login unsuccessfully during the last hour.

Remediation Steps

Investigate from where the logins are originating from and take action to block the attempts if necessary.

Check "/var/log/secure" on the device.

How does this work?

Count the number of failed logins for the last hour, using the information in /var/log/secure log file.

Why is this important?

Count the number of failed logins for the last hour, using the information in /var/log/secure log file.

Without Indeni how would you find this?

An administrator could login and manually read the file to count attempts.


View Source Code