Notifications about failed authentication attempts

Frequent failed attempts to log in to the web interface or the management console may indicate that a cybercriminal is trying to gain access to Kaspersky Anti Targeted Attack Platform by brute-forcing the password. To prevent such unauthorized access, we recommend enabling notifications about the failed authentication attempt limit being exceeded.

To enable and configure notifications about failed authentication attempts:

  1. Select the Settings section in the application web interface window.
  2. Go to the Authentication policies tab.
  3. In the Count authentication attempts section set the Count attempts toggle switch to Enabled.
  4. In the Counting period field, enter the time period for which you want to count failed authentication attempts. The time is specified in minutes. If a user attempts to log in to the web interface or the management console and fails more than two times in a row, the following takes place:
    • A record about the user's failed authentication attempts is written to the user activity log.
    • If a rule has been created for sending notifications about too many failed authentication attempts (for information on how to create such a rule, see below), an email message is sent to the addresses specified in the notification rule. The message contains information about the failed user authentication attempts.

    In the Counting period field, you may specify 0, in which case all failed authentication attempts are counted, regardless of how much time has passed between them.

  5. Click Apply.

Failed authentication attempts are counted, and if the specified threshold is exceeded (two failed authentication attempts in a row), information about this is saved and becomes available for review.

To enable and configure notifications about the failed authentication attempt limit being exceeded:

Follow the steps to create a rule for sending notifications about the operation of application components. While creating the rule, under Components, select the Authorization attempts check box.

A message is sent to the email addresses specified in the notification rule with information about failed user authentication attempts if more than two such attempts happen in a row within the specified time interval (see the Counting period setting above).
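
The counting rule described above, modelled as an added example (not Kaspersky's code and not part of the original page) so the same threshold can be reproduced over exported authentication events. The event tuple format, the reset of the streak on a successful login, and the window measured back from the latest failure are assumptions.

```python
from datetime import datetime, timedelta

THRESHOLD = 2  # page: triggered by more than two failed attempts in a row

# Constructed sample events (assumed format): (ISO timestamp, user, outcome)
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "auditor", "fail"),
    ("2024-01-01T09:30:00", "auditor", "fail"),
    ("2024-01-01T10:00:00", "admin", "fail"),
    ("2024-01-01T10:00:20", "admin", "fail"),
    ("2024-01-01T10:00:40", "admin", "fail"),
    ("2024-01-01T10:01:00", "operator", "fail"),
    ("2024-01-01T10:01:30", "operator", "ok"),
    ("2024-01-01T10:02:00", "operator", "fail"),
    ("2024-01-01T10:03:00", "operator", "fail"),
    ("2024-01-01T10:10:00", "auditor", "fail"),
]


def find_exceeded(events, counting_period_min):
    """Return (user, timestamp) for each failure that exceeds THRESHOLD.

    counting_period_min is in minutes; 0 counts all consecutive failures
    regardless of the time between them, as the page describes.
    """
    window = timedelta(minutes=counting_period_min) if counting_period_min else None
    streaks = {}  # user -> timestamps of consecutive failed attempts
    exceeded = []
    for ts, user, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        if outcome != "fail":
            streaks.pop(user, None)  # assumption: a success ends the streak
            continue
        streak = streaks.setdefault(user, [])
        streak.append(now)
        if window is not None:
            # assumption: only failures inside the counting period are kept
            streak[:] = [t for t in streak if now - t <= window]
        if len(streak) > THRESHOLD:
            exceeded.append((user, ts))
    return exceeded


if __name__ == "__main__":
    for period in (5, 0):
        print(f"counting period {period} min:", find_exceeded(SAMPLE_EVENTS, period))
```

With a 5-minute counting period only the rapid burst against admin exceeds the limit; with 0 the slow, spaced-out failures for auditor are reported as well.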

See also

Creating a rule for sending notifications about the operation of application components
