Overview
Occasionally, Brute-force attempts blocked, shown in the Security Center Threat Monitoring chart, may show a higher number of blocks than can be found when filtering tenant logs by type: “limit_wc”. This article will explain how this difference can occur.
Applies To
- Brute-Force Protection
- Security Center
Solution
The Brute-force attempts blocked data points shown in the Security Center > Threat Monitoring chart only show any continued login attempts made after an account has been blocked.
- There is not a data point for the block itself, nor are there any data points for the failed attempts a user may have made before the block.
- Additionally, there are no tenant logs generated for these continued attempts made after a user has been blocked.