Do you monitor failed login attempts?

Last updated by Brady Stroud [SSW] 9 days ago.See history

It is important to monitor failed login attempts to determine if you are being attacked from an external source or are having failed attempts from users within your organization. This can be achieved with Passive Whats Up Gold Monitor.

failed login whatsup gold 1
Figure: This Passive Monitor can then be applied to your Servers

failed login whatsup gold 2
Figure: Good example - This Passive Monitor will then record failed login attempts

It is important to also ensure that you have "Audit logon events" Group Policy applied to servers for source information on the login.

See: Do you use Group Policy to enable auditing of logon attempts?

We open source. Powered by GitHub