URL: https://discuss.rapid7.com/t/rewrite-detection-rule-for-authentication-attempt-from-disabled-account/40149
Submission: On July 25 via api from US — Scanned from CA

REWRITE DETECTION RULE FOR “AUTHENTICATION ATTEMPT FROM DISABLED ACCOUNT”

InsightIDR

Jul 23
jkratoJsizzle223
2d


I would like to set up exemptions to this rule.
Since it has not been moved over to the new way of doing things, I cannot.
I will turn off the legacy rule and create my own custom rule.

I am unable to figure out how to correlate the login event with the active account
(Cloud account) with the fact that the account is disabled on prem.

Does anyone know how to do this?

David Smith (david_smith1, Moose)
1d


This functionality currently does not exist, since the account disabled
information isn’t currently exposed in log search directly. We are working
towards migrating these rules eventually, but some rules come with additional
complexities such as this, and will take some more work than the more basic ones
which have already been migrated.

One thing we can potentially assist with is why the rule is firing in the first
place, if it is a false positive or perhaps a misattributed account-to-user
mapping. If you would like to raise a support case on that, we can take a look.

David