0 Replies Latest reply on May 2, 2016 1:49 PM by yassinezeroual

    DAM Use case 2: Database Protection “Brute Force Login”

    yassinezeroual

      Database Protection “Brute Force Login”


      Prerequisite:

        Installation of the McAfee DAM Sensor at the Database.

        Database monitoring configuration


      Scenario:

      We need to simulate that a general user or hacker try to login into the database to get the password using tools or social engineering and after many failed logon we have a successful logon.


        He logs in to the core of the database server after a multiple failed login.


        McAfee DAM sends an alert.


        DAM2.png


        Note: McAfee DAM will look that many failed authentications followed by a successful authentication by the same user and same IP address.

         He we can also create a correlation rule at the McAfee SIEM that will detect the Bruce force attack.