Splunk UseCase | Splunk Alert | Splunk Detect Brute force
Explains how to detect a successful brute-force attack. Unlike counting an excessive number of failed logins together with at least one successful login, this detects a successful authentication after n consecutive failed logins.
Sample events used in the video: https://github.com/splunkps/others/blob/4ca103e272e9b1896c380dbd545f167be5ed8ced/brute-force-sample.csv
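The difference between the two rules described above, shown as an added Python example over constructed events (this is not the Splunk search from the video). The field layout `(time, user, action)`, the `failure`/`success` values and the function names are assumptions, not the columns of the linked CSV.

```python
from collections import defaultdict

# Constructed sample events: (ISO time, user, action). Not taken from the linked CSV.
D = "2024-01-01T"
EVENTS = (
    # alice: 5 failures in a row, then a success (the brute-force pattern)
    [(D + f"10:00:0{i}", "alice", "failure") for i in range(1, 6)]
    + [(D + "10:00:06", "alice", "success")]
    # bob: 5 failures over the day, but never more than 2 in a row before a success
    + [(D + t, "bob", a) for t, a in [
        ("09:00:00", "failure"), ("09:01:00", "failure"), ("09:02:00", "success"),
        ("11:00:00", "failure"), ("11:01:00", "success"),
        ("13:00:00", "failure"), ("13:01:00", "failure"), ("13:02:00", "success")]]
    # carol: 6 failures and no success (an attempt, not a successful one)
    + [(D + f"10:30:0{i}", "carol", "failure") for i in range(6)]
)

def streak_alerts(events, n):
    """Successes that directly follow >= n consecutive failures for the same user."""
    streak = defaultdict(int)          # current run of failures per user
    alerts = []
    for ts, user, action in sorted(events):   # ISO timestamps sort chronologically
        if action == "failure":
            streak[user] += 1
        elif action == "success":
            if streak[user] >= n:
                alerts.append((ts, user, streak[user]))
            streak[user] = 0           # any success ends the run
    return alerts

def count_alerts(events, n):
    """Count-based rule: users with >= n failures and at least one success overall."""
    fails, succeeded = defaultdict(int), set()
    for _, user, action in events:
        if action == "failure":
            fails[user] += 1
        elif action == "success":
            succeeded.add(user)
    return sorted(u for u in succeeded if fails[u] >= n)

if __name__ == "__main__":
    print("consecutive-failure rule:", streak_alerts(EVENTS, 5))
    print("count-based rule:        ", count_alerts(EVENTS, 5))
```

With n = 5 the count-based rule flags both alice and bob, while the consecutive-failure rule flags only alice's login at 10:00:06.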