This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Prabulingam_N1
Advisor
‎2019-12-08 09:30 PM

Credential Guessing Event in SmartEvent

Dear All,

Anyone had come across on the below Events:
We have SmartEvent (Both R77.x & R80.x) in same machine of Management server.

We have enabled Event Policy - "Unauthorized Entry" - "Credential Guessing" to generate events of 3 failures within 600 Seconds.
We are receiving Events on the above as well which is fine.

But we have different info on the above "Credential Guessing" Event Log.

Example: We have Internal Server (Windows 2012) and we tried to SSH into Firewall from this Server.
For few wrong attempts as per Event Detection - we get Events.

But the Event "Product" says "Linux OS" instead of "Windows OS"

(Attached screenshot)


Regards, Prabulingam

Preview file
144 KB
Reply
3 Replies
G_W_Albrecht
Champion
Champion
‎2019-12-09 03:09 AM

Why attach a Word document instead of an image ???

Reply
G_W_Albrecht
Champion
Champion
‎2019-12-09 03:12 AM

This in fact is correct - a Linux device has reported the Credential Guessing Event in SmartEvent as GAIA is based on RedHat Linux. This does not characterize the hacker OS but the devices OS where the issue Credential Guessing occurred 😎.

Reply
Prabulingam_N1
Advisor
‎2019-12-10 08:52 PM
In response to G_W_Albrecht

Dear G_W_Albrecht,

 

Thanks for your inputs, this helps me to inform the customer for clearing on Linux OS.

 

Regards, Prabu

0 Kudos
Reply