Rules by Product and UseCase
April 15, 2026
Vendor:
Product:
Use-Case: Brute Force Attack

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 10 | 1 | 4 | 2 | 1 |

| Event Type | Rules | Models |
|---|---|---|
| failed-logon | T1110 - Brute Force<br>↳ SEQ-UH-08: Abnormal number of failed logons for this user<br>↳ SEQ-UH-14: Failed logon due to bad credentials<br>↳ RDP-Brute-Force: Abnormal number of RDP failed logons for this user<br>↳ A-FL-MULTI-USERS-SRC: The same host failed to login to multiple users<br>↳ A-FL-MULTI-USERS-S: Multiple users failed to login (S)<br>↳ A-FL-MULTI-USERS-L: Multiple users failed to login (L)<br>↳ A-FL-MULTI-USERS-M: Multiple users failed to login (M)<br>↳ A-FL-MULTI-DEST-S: Failed logins to multiple destinations from host (S)<br>↳ A-FL-MULTI-DEST-M: Failed logins to multiple destinations from host (M)<br>T1110.003 - T1110.003<br>↳ A-FL-MULTI-USERS-SRC: The same host failed to login to multiple users<br>T1021 - Remote Services<br>↳ RDP-Brute-Force: Abnormal number of RDP failed logons for this user<br>T1021.001 - Remote Services: Remote Desktop Protocol<br>↳ RDP-Brute-Force: Abnormal number of RDP failed logons for this user | |
| vpn-logout | T1110 - Brute Force<br>↳ AUTH-F-COUNT: Abnormal number of failed authentications during this user session | • AUTH-F-COUNT: Count of failed authentication events in a session |