kerberos_brute_internal_internal
Explanation
This event is triggered by Netography's Fusion Portal when it detects a large number of failed login attempts using the Kerberos service originating from a single internal host. This activity suggests a brute force login attack coming from a possibly compromised host inside your network.
What to Look For
Brute force attacks launched inside your network may be an indication that your network is compromised. Investigate hosts that are the source of this sort of activity in order to make sure that it is authorized and expected, and the hosts have not been compromised. Ensure that strong passwords are in use to prevent successful attacks. Check network logs for additional information and review endpoint security to ensure that sensitive information is secure.
Related MITRE ATT&CK Categories
Updated 20 days ago