LetsDefend: SOC210 - Possible Brute Force Detected on VPN
Welcome back to the blog. Today we have an interesting alert: a brute force on a VPN. Let's get stuck in.

When we look for the IP address in Endpoint Security we find that it is not in our system, so it must be an external IP.

Search on VirusTotal: [screenshot] We need to re-analyse to get more recent and accurate results.

Search on AbuseIP: [screenshot]

Search in the LetsDefend Threat Intel database: [screenshot]

In the following logs you will clearly see the attacker guessing the username, then eventually guessing the password.

LetsDefend is being very funny here. You remember we got this answer correct because we found the successful attempt. However, they just gave us this:
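To make the two triage steps in this write-up concrete (is the source IP one of ours, and do the logs show username guessing followed by a successful login), here is an added example script. It is not part of the original post or of LetsDefend's platform: the VPN log lines, the log format, the managed address ranges standing in for the Endpoint Security inventory, and the failure threshold are all constructed assumptions for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed VPN authentication events for this example (not the alert's real logs).
# The first source cycles through usernames, settles on one, and finally succeeds;
# the second is an internal user who mistypes once and then logs in normally.
SAMPLE_LOGS = [
    "2024-03-01T08:00:01Z vpn-gw auth user=admin src=203.0.113.45 result=FAILED",
    "2024-03-01T08:00:02Z vpn-gw auth user=root src=203.0.113.45 result=FAILED",
    "2024-03-01T08:00:03Z vpn-gw auth user=jdoe src=203.0.113.45 result=FAILED",
    "2024-03-01T08:00:04Z vpn-gw auth user=jdoe src=203.0.113.45 result=FAILED",
    "2024-03-01T08:00:05Z vpn-gw auth user=jdoe src=203.0.113.45 result=FAILED",
    "2024-03-01T08:00:06Z vpn-gw auth user=jdoe src=203.0.113.45 result=SUCCESS",
    "2024-03-01T08:01:00Z vpn-gw auth user=asmith src=10.0.5.20 result=FAILED",
    "2024-03-01T08:01:30Z vpn-gw auth user=asmith src=10.0.5.20 result=SUCCESS",
    "2024-03-01T08:02:00Z vpn-gw tunnel established for asmith",  # not an auth event
]

# Assumed log format: "<ts> <host> auth user=<u> src=<ip> result=SUCCESS|FAILED".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>SUCCESS|FAILED)$"
)

# Constructed stand-in for the Endpoint Security inventory: the ranges we manage.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Return ts/user/src/result for an auth event, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_internal(ip):
    """True if the address sits inside one of the managed ranges (our 'system')."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage(lines, fail_threshold=5):
    """Group auth events by source IP and give each source a verdict.

    A source is flagged once it reaches fail_threshold failures; the verdict is
    upgraded when a SUCCESS arrives after those failures, which is the case an
    analyst must escalate because the guessed credential now works.
    """
    by_src = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = by_src.setdefault(ev["src"], {
            "failures": 0, "usernames": set(), "success_after_failures": False,
            "success_user": None, "first_seen": ev["ts"], "last_seen": ev["ts"],
        })
        s["last_seen"] = ev["ts"]
        if ev["result"] == "FAILED":
            s["failures"] += 1
            s["usernames"].add(ev["user"])       # distinct names tried = username guessing
        elif s["failures"] >= fail_threshold:    # a success only counts after the spray
            s["success_after_failures"] = True
            s["success_user"] = ev["user"]
    for src, s in by_src.items():
        s["external"] = not is_internal(src)
        if s["failures"] >= fail_threshold and s["success_after_failures"]:
            s["verdict"] = "brute_force_success"
        elif s["failures"] >= fail_threshold:
            s["verdict"] = "brute_force_attempt"
        else:
            s["verdict"] = "no_brute_force"
    return by_src


if __name__ == "__main__":
    for src, s in triage(SAMPLE_LOGS).items():
        print(f"{src} external={s['external']} failures={s['failures']} "
              f"usernames={sorted(s['usernames'])} verdict={s['verdict']} "
              f"window={s['first_seen']}..{s['last_seen']}")
```

Running the script with the constructed logs reports 203.0.113.45 as an external source with five failures across three usernames and a success for `jdoe` afterwards, which is exactly the "guessed the username, then the password" pattern the write-up describes; the internal 10.0.5.20 stays below the threshold. In a real SOC the threshold and the time window would be tuned to the VPN's normal failure rate, and the managed ranges would come from the asset inventory rather than a hard-coded list.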
