1. Overview

A Brute Force incident surfaces a combination of audit events that indicate a protected resource is potentially being affected by an attempted DoS.

2. Investigation

In the following incident, you can see that a container received a flood of attempted actions to the extent that the Web Application and API Security (WAAS) blocked the source.

brute force incident

Review the WAAS audit logs to determine any further impact:

brute force cnaf audits

Additionally, review the logs of potentially affected applications to determine if there was any further impact.

3. Mitigation

Ensure that WAAS rules provide protection for exposed services.