IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Unusual Login Activity
Identifies an unusually high number of authentication attempts.
Rule type: machine_learning
Machine learning job: suspicious_login_activity_ecs
Machine learning anomaly threshold: 50
Severity: low
Risk score: 21
Runs every: 15 minutes
Searches indices from: now-45m (Date Math format, see also Additional look-back time)
Maximum signals per execution: 100
References:
Tags:
- Elastic
- Linux
- ML
Version: 1
Added (Elastic Stack release): 7.7.0
Potential false positives
Security audits may trigger this signal. Conditions that generate bursts of failed logins, such as misconfigured applications or account lockouts, could also trigger this signal.