1. Background

A Brute Force incident surfaces a combination of audit events that indicate a protected resource may be affected by an attempted denial of service (DoS).

2. Investigation

In the following incident, you can see that a container received such a flood of attempted actions that the Cloud Native Application Firewall (CNAF) blocked the source.

[Image: brute force incident]

Review the CNAF audit logs to determine any further impact:

[Image: brute force CNAF audits]

Additionally, review the logs of potentially affected applications to determine if there was any further impact.
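One way to carry out the application-log review described above, as an added example that is not part of the original page or the product. It assumes the application writes Common Log Format access logs and that the source IP and block time are copied from the incident; the sample lines, addresses and the `review_source` helper are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in Common Log Format; real application logs will differ.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /login HTTP/1.1" 302 0
198.51.100.4 - - [12/Mar/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "GET /account HTTP/1.1" 200 2048
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "POST /login HTTP/1.1" 403 0
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def review_source(log_text, source_ip, blocked_at):
    """Summarise one source's requests in an application log around a block time."""
    statuses = Counter()
    served_before_block = []   # answered with 2xx/3xx before the firewall block
    seen_after_block = []      # logged by the application at or after the block
    unparsed = 0               # non-empty lines the pattern could not read
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += bool(line.strip())
            continue
        if m["ip"] != source_ip:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        status = int(m["status"])
        statuses[status] += 1
        entry = (ts.isoformat(), m["method"], m["path"], status)
        if ts >= blocked_at:
            seen_after_block.append(entry)
        elif status < 400:
            served_before_block.append(entry)
    return {"statuses": dict(statuses), "served_before_block": served_before_block,
            "seen_after_block": seen_after_block, "unparsed": unparsed}

if __name__ == "__main__":
    blocked = datetime(2024, 3, 12, 10, 0, 5, tzinfo=timezone.utc)  # assumed block time
    print(review_source(SAMPLE_LOG, "203.0.113.7", blocked))
```

Requests served before the block show what the application returned to the source before CNAF intervened. Entries at or after the block time mean traffic from that source still reached the application.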

3. Mitigation

Ensure that CNAF rules provide protection for exposed services.