Frequent failed attempts to log in to the web interface or the management console may indicate that a cybercriminal is trying to gain access to Kaspersky Anti Targeted Attack Platform by brute-forcing the password. To prevent such unauthorized access, we recommend to enabling notifications about the failed authentication attempt limit being exceeded.
To enable and configure notifications about failed authentication attempts:
In the Counting period field, you may specify 0, in which case all failed authentication attempts are counted, regardless of the how much time has passed between them.
Failed authentication attempts are counted, and if the specified threshold is exceeded (two failed authentication attempts in a row), information about this is saved and becomes available for review.
To send notifications about failed authentication attempt thresholds being exceeded, you need to enable and configure the notifications in the web interface of the Central Node to which the Sensor is connected. If the Sensor is connected to multiple Central Nodes, you can configure notification sending on any of the Central Nodes.
To enable and configure notifications about the failed authentication attempt being exceeded:
Follow the steps to create a rule for sending notifications about the operation of application components. While creating the rule, under Components, select the Authorization attempts check box.
A message is sent to the email addresses specified in the notification rule with information about failed user authentication attempts if more than two such attempts happen in a row within the specified time interval (see the Counting period setting above).