Do you monitor failed login attempts?
25/07/2019 7:17 AM by
It is important to monitor failed login attempts to determine if you are being attacked from an external source or are having failed attempts from users within your organisation. This can be achieved with Passive Whats Up Gold Monitor.
- Figure: This Passive Monitor can then be applied to your Servers
- Figure: Good example - This Passive Monitor will then record failed login attempts
It is important to also ensure that you have "Audit logon events" Group Policy applied to servers for source information on the login.
Do you use Group Policy to enable auditing of logon attempts?
Do you feel this rule needs an update?