If you look in the Threat Vault you can see there are many different brute force sigs listed (ssh, rdp, postgres, smb, etc..).
My issue is the descriptions dont mention how many attempts it takes to trigger this alert? is it 5 or 50 or 5000? 5 im not really worried, 50 attempts and I'm definately going to do some digging. Am I correct that this info is not available or did I miss something?
Solved! Go to Solution.