Version: 6.4


Brute Force CLI Access

Identifying brute force Command Line Interface (CLI) access attempts, particularly over protocols such as SSH (Secure Shell) and telnet, is an important part of safeguarding network security. A brute force attack consists of repeated attempts to guess login credentials in order to gain unauthorized access to a system. Such attacks are a significant threat because a successful guess can lead to compromised systems, data breaches, and unauthorized control over critical network resources. SSH and telnet are commonly used for remote administrative access to devices and servers, so detecting brute force attempts against them is paramount. Early detection allows network administrators to apply countermeasures, such as blocking the offending IP addresses, enforcing strong password policies, or adding further authentication mechanisms, and thereby reduce the risk.

ElastiFlow provides a collection of anomaly detection jobs designed to identify brute force CLI access attempts over SSH and telnet, using several targeted monitoring and analysis strategies.

Attributes

Attribute                   | Information
----------------------------|-------------------------------
Analysis Type               | population
MITRE ATT&CK Technique      | Brute Force (T1110)
MITRE ATT&CK Sub-Technique  | Password Guessing (T1110.001)
MITRE ATT&CK Tactic         | Credential Access (TA0006)

Downloads

Schema | Vector      | Perspective | Window | Link
-------|-------------|-------------|--------|--------------------------------------------------------
CODEX  | direct      | edge        | fast   | elastiflow_codex_netsec_bruteforce_direct_cli_edge_fast
CODEX  | direct      | edge        | slow   | elastiflow_codex_netsec_bruteforce_direct_cli_edge_slow
CODEX  | direct      | inbound     | fast   | elastiflow_codex_netsec_bruteforce_direct_cli_in_fast
CODEX  | direct      | inbound     | slow   | elastiflow_codex_netsec_bruteforce_direct_cli_in_slow
CODEX  | direct      | outbound    | fast   | elastiflow_codex_netsec_bruteforce_direct_cli_out_fast
CODEX  | direct      | outbound    | slow   | elastiflow_codex_netsec_bruteforce_direct_cli_out_slow
CODEX  | direct      | private     | fast   | elastiflow_codex_netsec_bruteforce_direct_cli_priv_fast
CODEX  | direct      | private     | slow   | elastiflow_codex_netsec_bruteforce_direct_cli_priv_slow
CODEX  | distributed | edge        | fast   | elastiflow_codex_netsec_bruteforce_distrib_cli_edge_fast
CODEX  | distributed | edge        | slow   | elastiflow_codex_netsec_bruteforce_distrib_cli_edge_slow
CODEX  | distributed | inbound     | fast   | elastiflow_codex_netsec_bruteforce_distrib_cli_in_fast
CODEX  | distributed | inbound     | slow   | elastiflow_codex_netsec_bruteforce_distrib_cli_in_slow
CODEX  | distributed | outbound    | fast   | elastiflow_codex_netsec_bruteforce_distrib_cli_out_fast
CODEX  | distributed | outbound    | slow   | elastiflow_codex_netsec_bruteforce_distrib_cli_out_slow
CODEX  | distributed | private     | fast   | elastiflow_codex_netsec_bruteforce_distrib_cli_priv_fast
CODEX  | distributed | private     | slow   | elastiflow_codex_netsec_bruteforce_distrib_cli_priv_slow
ECS    | direct      | edge        | fast   | elastiflow_ecs_netsec_bruteforce_direct_cli_edge_fast
ECS    | direct      | edge        | slow   | elastiflow_ecs_netsec_bruteforce_direct_cli_edge_slow
ECS    | direct      | inbound     | fast   | elastiflow_ecs_netsec_bruteforce_direct_cli_in_fast
ECS    | direct      | inbound     | slow   | elastiflow_ecs_netsec_bruteforce_direct_cli_in_slow
ECS    | direct      | outbound    | fast   | elastiflow_ecs_netsec_bruteforce_direct_cli_out_fast
ECS    | direct      | outbound    | slow   | elastiflow_ecs_netsec_bruteforce_direct_cli_out_slow
ECS    | direct      | private     | fast   | elastiflow_ecs_netsec_bruteforce_direct_cli_priv_fast
ECS    | direct      | private     | slow   | elastiflow_ecs_netsec_bruteforce_direct_cli_priv_slow
ECS    | distributed | edge        | fast   | elastiflow_ecs_netsec_bruteforce_distrib_cli_edge_fast
ECS    | distributed | edge        | slow   | elastiflow_ecs_netsec_bruteforce_distrib_cli_edge_slow
ECS    | distributed | inbound     | fast   | elastiflow_ecs_netsec_bruteforce_distrib_cli_in_fast
ECS    | distributed | inbound     | slow   | elastiflow_ecs_netsec_bruteforce_distrib_cli_in_slow
ECS    | distributed | outbound    | fast   | elastiflow_ecs_netsec_bruteforce_distrib_cli_out_fast
ECS    | distributed | outbound    | slow   | elastiflow_ecs_netsec_bruteforce_distrib_cli_out_slow
ECS    | distributed | private     | fast   | elastiflow_ecs_netsec_bruteforce_distrib_cli_priv_fast
ECS    | distributed | private     | slow   | elastiflow_ecs_netsec_bruteforce_distrib_cli_priv_slow

By deploying this suite of anomaly detection jobs, organizations can monitor for and rapidly identify brute force access attempts against SSH and telnet interfaces. Prompt detection makes it possible to act immediately to secure the network against unauthorized access, protecting sensitive data and the integrity of network operations. This proactive approach to network security is a critical part of modern network management in an increasingly connected and security-conscious environment.