Brute force

A Brute Force incident surfaces a combination of audit events that indicate a protected resource is potentially being affected by an attempted DoS.

Investigation

In the following incident, you can see that a container received a flood of attempted actions to the extent that the Cloud Native Application Firewall (CNAF) blocked the source.
Review the CNAF audit logs to determine any further impact:
Additionally, review the logs of potentially affected applications to determine if there was any further impact.

Mitigation

Ensure that CNAF rules provide protection for exposed services.

Recommended For You