Unsuccessful User Privilege Gain

The Unsuccessful User Privilege Gain rules detect failed privilege escalation attempts. Such an alert can indicate that an attacker is deliberately trying to elevate privileges and failing, and that unsuspecting users are unknowingly aiding in a system compromise.

Failed logon attempts make up the majority of Unsuccessful User Privilege Gain alerts. Determining whether an alert is a false positive requires investigating its source and the situation in which it was discovered. A good sign that something malicious is occurring is a large number of unsuccessful authentication attempts. An unusual number of attempts can indicate that an attacker is attempting a brute-force attack. An example ...
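One way to triage these alerts by volume, as an added example that is not from the book: the script below reads Snort fast-format alert lines, keeps only the Unsuccessful User Privilege Gain classification, and reports clients whose failures cluster inside a sliding window. The threshold, window, SID, message text and addresses are constructed, and it assumes the rule fires on the server's failure reply, so the client is the destination address.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

CLASSIFICATION = "Unsuccessful User Privilege Gain"
# Layout of a Snort "fast" alert line (timestamp carries no year).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+.*?\s+\[\*\*\]\s+"
    r"\[Classification: (?P<cls>[^\]]+)\]\s+\[Priority: \d+\]\s+\{\w+\}\s+"
    r"[\d.]+(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

def brute_force_suspects(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Map client IP -> peak failures seen inside one window, for clients at or over threshold.
    Lines must be in chronological order, as Snort writes them."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        m = ALERT_RE.match(line)
        if not m or m["cls"] != CLASSIFICATION:
            continue  # other classifications are out of scope here
        when = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        # Assumption: the rule matches the server's failure reply, so the
        # client making the attempts is the packet's destination address.
        q = recent[m["dst"]]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # drop failures that fell out of the sliding window
        if len(q) >= threshold:
            peaks[m["dst"]] = max(peaks.get(m["dst"], 0), len(q))
    return peaks

def _line(ts, cls, client):
    # Constructed alert: local SID, documentation-range addresses.
    return (f"{ts}.000000  [**] [1:1000001:1] LOCAL login failed (constructed) [**] "
            f"[Classification: {cls}] [Priority: 1] {{TCP}} 192.0.2.10:21 -> {client}:40000")

SAMPLE = (
    # six failures in ten seconds: brute-force pattern
    [_line(f"03/14-09:00:{s:02d}", CLASSIFICATION, "203.0.113.50") for s in range(0, 12, 2)]
    # five failures three minutes apart: same total, never inside one window
    + [_line(f"03/14-09:{m:02d}:30", CLASSIFICATION, "198.51.100.7") for m in range(1, 14, 3)]
    # different classification for the same client: ignored
    + [_line("03/14-09:20:00", "Potentially Bad Traffic", "203.0.113.50")])

if __name__ == "__main__":
    for ip, peak in brute_force_suspects(SAMPLE).items():
        print(f"{ip}: {peak} failed attempts within 60s")
```

The second client shows why a raw count is not enough: it has as many failures as the threshold, but spread over twelve minutes, which looks more like a user mistyping a password than an automated guesser.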