MS.OWA.Brute.Force
Description
This indicates an attempt to perform a Brute Force attack against a Microsoft Outlook Web App server.
The attack consists of multiple requests intended to conduct a brute force login or to confirm the existence of usernames, launched at a rate of about 15 times in 1 seconds.
Affected Products
Microsoft Outlook Web App 2003 server
Microsoft Outlook Web App 2007 server
Microsoft Outlook Web App 2010 server
Microsoft Outlook Web App 2013 server
Microsoft Outlook Web App 2016 server
Microsoft Outlook Web App 2019 server
Impact
Impact of a successful attack could vary, with the worse case being a system compromise.
Recommended Actions
Adjust the threshold according to your network.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |