Do you monitor failed login attempts?
  v1.0 Posted at 25/07/2019 7:17 AM by Tiago Araujo

It is important to monitor failed login attempts to determine if you are being attacked from an external source or are having failed attempts from users within your organisation. This can be achieved with Passive Whats Up Gold Monitor.​

Figure: This P​assive Monitor can then be applied to your Servers
Figure: Good example - This Passive Monitor will then record failed login attempts
It is important to also ensure that you have "Audit logon events" Group Policy applied to servers for source information on the login. 

See: Do you use Group Policy to enable auditing of logon attempts?​​

Related rules

    Do you feel this rule needs an update?

    If you want to be notified when this rule is updated, please enter your email address: