26 lines
918 B
XML
26 lines
918 B
XML
<!-- Alerte si erreur euthentification X10 en moins de 180 seconde -->
|
|
<group name="windows,windows_security,">
|
|
<rule id="100150" level="15" frequency="10" timeframe="60">
|
|
<if_matched_sid>60122</if_matched_sid>
|
|
<same_field>win.eventdata.ipAddress</same_field>
|
|
<description>Brut force</description>
|
|
</rule>
|
|
</group>
|
|
|
|
<!-- Reduction bruit "Sandrine" Alerte si erreur euthentification X10 en moins de 180 seconde -->
|
|
<group name="windows,windows_security,">
|
|
<rule id="100151" level="0">
|
|
<if_sid>100150</if_sid>
|
|
<field name="win.eventdata.targetUserName">^Sandrine$</field>
|
|
<description>Brut force</description>
|
|
</rule>
|
|
</group>
|
|
|
|
|
|
<group name="windows,windows_security,">
|
|
<rule id="100152" level="15" frequency="10" timeframe="60">
|
|
<same_field>win.eventdata.ipAddress</same_field>
|
|
<if_matched_sid>60105</if_matched_sid>
|
|
<description>Brut force</description>
|
|
</rule>
|
|
</group> |