Bruteforce alerts

Ive been thinking about this for some time, and i coulndt find a way to get alerts if im being brute forced.
i tried with zabbix, but i couldnt find an option to report me failed loggins, just statics.

Is there a way to recive mail alerts after 5 failed login attempts in this SO?

Windows Server RDP
FreeNas admin
pfSense admin
ubuntu ssh
ubuntu remote desktop

That is best done with a HIDS system such as Wazuh https://documentation.wazuh.com/3.11/learning-wazuh/rdp-brute-force.html

1 Like

Thanks! i will take a look at wazuh

When i saw the steps needed to install wazoh, i couldnt get my brain to start.
Then i find there was a OVA VM, and imported it to my XCPNG

But when i started playing with it, my brain just quit. I tought zabbix was not friendly to start using it, but wazuh is the new king.

I have used ManageEngine for this. Its free for 5 sources and has some pretty good predefined options. Its available for both windows and linux install.

https://www.manageengine.com/products/eventlog/

1 Like