https://live.paloaltonetworks.com/t5/general-topics/pa-ngf-smb-bruteforce-behavior/m-p/356762#M87684 <P>the 31696 simply counts login attempts, it doesn't doublecheck if the same password is being used or a different one each time</P> Fri, 16 Oct 2020 14:21:53 GMT reaper 2020-10-16T14:21:53Z https://live.paloaltonetworks.com/t5/general-topics/pa-ngf-smb-bruteforce-behavior/m-p/356056#M87606 <P>Hi,&nbsp;</P><P>&nbsp;</P><P>Im wondering what is the behavior of SMB bruteforce vulnerability alert from PA FW.&nbsp;<SPAN>Vulnerability id (40004) SMB brute force seems to be triggered by a child signature&nbsp;31696(SMB login attempt). Question is the child triggered every time there was a failed login? Regardless if the failed attempt was caused by entering the same password over and over again? because brute force usually is done by trying random password each time. Thanks for your advice</SPAN></P> Tue, 13 Oct 2020 10:14:25 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ngf-smb-bruteforce-behavior/m-p/356056#M87606 herbert.lopez 2020-10-13T10:14:25Z https://live.paloaltonetworks.com/t5/general-topics/pa-ngf-smb-bruteforce-behavior/m-p/356762#M87684 <P>the 31696 simply counts login attempts, it doesn't doublecheck if the same password is being used or a different one each time</P> Fri, 16 Oct 2020 14:21:53 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ngf-smb-bruteforce-behavior/m-p/356762#M87684 reaper 2020-10-16T14:21:53Z