SMTP.Login.Brute.Force
Description
This indicates a multiple SMTP logon attempt occurring in a short period of time. It indicates that an attacker is attempting a brute force attack on a compromised system (about 100 times in 10 seconds).
Affected Products
All SMTP servers using authentication mechanisms
Impact
Impact of a successful attack could vary, with the worse case being a system compromise.
Recommended Actions
Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |