Detect Brute Force

Brute force is an exhaustive-search method for solving problems: it belongs to the class of methods that find a solution by trying every possible option, so the cost of a complete search grows with the number of candidate solutions. Against an authentication service this shows up as a burst of failed attempts aimed at one destination, which is what the queries below look for: more than 30 failure events for a single destination IP (the QRadar version over the last 600 seconds).

# QRadar AQL

SELECT COUNT("category") AS agg_val FROM events WHERE search_payload ILIKE '%failure%' GROUP BY "destinationip" HAVING agg_val > 30 LAST 600 SECONDS

# Splunk

action="failure" | eventstats dc(category) as val by dst_ip | search val > 30 | table src_ip,dst_ip,user

# Windows PowerShell

# Assumes the Security log; dst_ip and category are assumed to have been parsed out of the message into properties
Get-WinEvent -LogName Security | Where-Object { $_.Message -match "action.*failure" } | Select-Object dst_ip, category | Group-Object dst_ip | ForEach-Object { [PSCustomObject]@{ 'dst_ip' = $_.Name; 'Count' = ($_.Group.category | Sort-Object -Unique).Count } } | Sort-Object Count -Descending | Where-Object { $_.Count -gt 30 }
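The same detection logic as the three queries above, written out in Python over a constructed log so the windowing and threshold can be checked offline. This is an added example, not code from the original page; the `timestamp key=value` line format, the 600-second window, the `> 30` threshold and all IPs and user names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 600   # the AQL query's "LAST 600 seconds"
THRESHOLD = 30         # the queries' "> 30" failures per destination

def parse_event(line):
    """Parse one constructed 'timestamp key=value ...' log line into a dict."""
    ts_str, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts_str)
    return fields

def detect_brute_force(lines, now, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {dst_ip: {count, src_ips, users}} for destinations over the threshold."""
    cutoff = now - timedelta(seconds=window)
    failures = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        # Same filter as the queries: only failures, only inside the trailing window.
        if ev.get("action") != "failure" or not (cutoff <= ev["ts"] <= now):
            continue
        failures[ev["dst_ip"]].append(ev)
    return {
        dst: {
            "count": len(evs),
            "src_ips": sorted({e["src_ip"] for e in evs}),
            "users": sorted({e["user"] for e in evs}),
        }
        for dst, evs in failures.items() if len(evs) > threshold
    }

# Constructed sample log, not real data. NOW is the evaluation time.
NOW = datetime(2024, 5, 1, 12, 0, 0)

def _line(offset_s, src, dst, user, action="failure"):
    ts = (NOW - timedelta(seconds=offset_s)).isoformat()
    return f"{ts} src_ip={src} dst_ip={dst} user={user} action={action}"

SAMPLE_LOG = (
    # 35 failures against 10.0.0.5 in the last minute: should alert
    [_line(i, "192.0.2.10", "10.0.0.5", f"user{i % 3}") for i in range(35)]
    # 5 failures against 10.0.0.6: below threshold
    + [_line(i, "192.0.2.11", "10.0.0.6", "alice") for i in range(5)]
    # 40 failures against 10.0.0.7 but 20 minutes ago: outside the window
    + [_line(1200 + i, "192.0.2.12", "10.0.0.7", "bob") for i in range(40)]
    # successes are ignored regardless of count
    + [_line(i, "192.0.2.13", "10.0.0.8", "carol", "success") for i in range(40)]
)
```

Running `detect_brute_force(SAMPLE_LOG, NOW)` flags only 10.0.0.5; widening `window` to cover the older burst also surfaces 10.0.0.7, which is the trade-off the `LAST 600 seconds` clause makes.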