Rule
Office 365 Brute Force Login Attempt
Purpose
Detects an unusual condition in which a single source generates 50 authentication failures for the same user within a 15-minute window.
Objective
Detect multiple failed login attempts (brute force).
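The counting logic behind the rule, written out as an added example (this is not the rule's own query or the product's code): failures are grouped per (source IP, user) and counted in a sliding 15-minute window, so 50 failures spread over half an hour, 49 failures, or 50 failures split across two source addresses do not fire. The event records are constructed for the example and loosely modelled on Office 365 Unified Audit Log sign-in entries; the field names CreationTime, Operation, UserId and ClientIP and the operation value "UserLoginFailed" are assumptions to be mapped onto whatever your log pipeline emits.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 50                 # failures from one source for one user
WINDOW = timedelta(minutes=15)  # sliding window the failures must fall inside


def detect_brute_force(events, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per (source, user) pair that reaches `threshold` login
    failures inside any `window`-long span. Successful logins are ignored.

    Field names below are assumptions modelled on Unified Audit Log records.
    """
    failures = defaultdict(deque)  # (ClientIP, UserId) -> failure timestamps still in window
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["CreationTime"])):
        if ev.get("Operation") != "UserLoginFailed":
            continue
        key = (ev["ClientIP"], ev["UserId"].lower())
        ts = datetime.fromisoformat(ev["CreationTime"])
        q = failures[key]
        q.append(ts)
        # Evict failures older than the window so the count is a true sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)  # alert once per pair, not on every further failure
            alerts.append({
                "source": key[0],
                "user": key[1],
                "count": len(q),
                "first_seen": q[0].isoformat(),
                "last_seen": ts.isoformat(),
            })
    return alerts


def make_failures(ip, user, start, count, step):
    """Build `count` constructed UserLoginFailed records, `step` apart, for the sample run."""
    return [{
        "CreationTime": (start + i * step).isoformat(),
        "Operation": "UserLoginFailed",
        "UserId": user,
        "ClientIP": ip,
        "Workload": "AzureActiveDirectory",
    } for i in range(count)]


# Constructed sample log (not real data). Only alice should trigger the rule.
T0 = datetime(2024, 5, 1, 9, 0, 0)
SAMPLE_EVENTS = (
    make_failures("203.0.113.10", "alice@contoso.example", T0, 50, timedelta(seconds=10))  # 50 in ~8 min: alert
    + make_failures("203.0.113.10", "bob@contoso.example", T0, 50, timedelta(seconds=40))  # 50 over ~33 min: no
    + make_failures("198.51.100.7", "carol@contoso.example", T0, 49, timedelta(seconds=5))  # one short: no
    + make_failures("198.51.100.7", "dave@contoso.example", T0, 25, timedelta(seconds=5))   # split across
    + make_failures("198.51.100.8", "dave@contoso.example", T0, 25, timedelta(seconds=5))   # two sources: no
    + [{"CreationTime": T0.isoformat(), "Operation": "UserLoggedIn",
        "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10",
        "Workload": "AzureActiveDirectory"}]  # a success, never counted
)

if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_EVENTS):
        print(alert)
```

Because the key is (source, user), an attacker rotating source addresses, or spraying one password across many users from one source, stays below this rule's threshold; those patterns need separate rules keyed on user-only and source-only counts.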
How to test
Use a test system and a dedicated test account to simulate 50 failed login attempts within a 15-minute window for the same user from the same source. Expect the account's lockout policy to trigger as well, so do not use a production account.
This can be scripted using tools like Hydra, Medusa, or a custom Python script, such as the following:
import time
import requests

# Test-system parameters (placeholders, not values from the rule; adjust for your test system)
login_url = "https://login.example.test/login"
username = "testuser@example.test"   # the single account the rule counts failures for
password = "WrongPassword!"           # deliberately incorrect
num_attempts = 50                      # matches the rule threshold
headers = {"User-Agent": "brute-force-test-script"}
# Form fields posted on each attempt (field names are assumptions for a generic login form)
payload_template = {
    "username": username,
    "password": password,
    "login": "Sign in"
}

# Function to simulate a brute force attack
def brute_force_login():
    for i in range(num_attempts):
        response = requests.post(login_url, data=payload_template, headers=headers)
        # Log the response status. Many form logins re-render the page with HTTP 200 on bad
        # credentials, so 200 is reported as a failed attempt; check the body if your system differs.
        if response.status_code == 200:
            print(f"Attempt {i+1}: Login attempt failed with status 200 (OK) - Incorrect credentials.")
        else:
            print(f"Attempt {i+1}: Status Code {response.status_code}")
        # Adding delay between attempts (to avoid hitting rate limits); 50 x 1 s stays inside the window
        time.sleep(1)

if __name__ == "__main__":
    print("Starting brute force login simulation...")
    brute_force_login()
    print("Brute force login simulation completed.")