Login Security
Login Security can detect abnormal login behavior on your server, and alert when remote login and brute force cracking is detected.
Detection Principle
After installing the Agent, the location of the first login will be set as the common login location by default. And the logs will be uploaded to the cloud for preservation. If a different location from the first login is found, it will be marked as a remote login and will trigger event alerts.
Detection Cycle
Real-time detection, once remote login behavior, successful brute force cracking is found, immediately alert.
Detection Items
| Detection Item | Description |
|---|---|
| Remote Login | Refers to the behavior of logging in from non-common places |
| Successful Brute Force Cracking | Login to the host using brute force cracking and successful attempt |
| Failed Brute Force Cracking | Login to the host using brute force cracking, but the attempt failed |