• Support
  • Forums
  • Blogs

Brute Force Directives

axi0maxi0m

New Life Form
Hey Guys,

We have a couple clients that due to their network configuration are receiving a ton of Brute Force alarms to the point where it has become nearly impossible to manage our alarm queue. While IT has been working on a fix on their end I've been trying to suppress these alarms with a directive that will only fire on a successful login however afters hours of making new directives and testing in our lab I just can't seem to get anything to work.

I'm using Hydra to test RDP and SMB brute forces with a long password list that I have included the proper password in at different stages, however HIDS is 1. Not picking up the successful logins and 2. Not even firing off brute force passwords until I tune the Timeout and Occurences low.

My question is, has anyone made directives like this before that can offer any guidance? Thanks!

Share post:

Answers

Sign In or Register to comment.