Repeated Remote Access login to expired accounts
The automation notifies on login to expired accounts and blocks the source IP across all Quantum Gateways. The notification provides details about the users who failed to log in, the total number of failures within a specified time duration, and the source IP address. Parameters can be configured using the automation parameters such as the threshold for login failures, the block duration, whether the block is automatic or upon administrators approval, and so on.
Supported Product
Check Point Security Management Server (Quantum)
Parameters
|
Block source IP of login to expired accounts |
Select the checkbox to block the source IP of repeated login failures. |
|
Admin's approval is required for blocking source IP |
Select the checkbox if admin’s approval is required for blocking source IP. |
|
IP block duration |
Set the IP block duration. |
|
Trigger automation upon minimal number of login to expired accounts |
Set the minimal number of login to expired accounts to trigger the automation. |
|
Trigger automation upon login to expired accounts in time duration |
Set the time duration to count the login to expired accounts. |
Trigger
When there are repeated Remote Access login to expired accounts.
To view the example of this log, click Run.
Flow
