Is it possible in any way to count failed authentications for a device and after a specified number of events within a given timeframe apply different roles and Enforcement profiles?
Hello, you could use Insight for doing this: enable Insight on that server and add Insight as an authorization source, then create a custom SQL source to look for failed authentications for the last 1 hour, for so-and-so count, to map a different enforcement profile for that device or user.
Thank you for the information.
Do you have an example of the syntax of the query?
You could do something like this. In the query below, I am looking for a user name that failed authentication 5 times in the last one hour; you could adjust the query accordingly for your convenience:
select auth_username as username from auth where auth_status = 'Failed' AND timestamp > now() - interval '1 hour' GROUP BY auth_username HAVING COUNT(*) > 5;
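The counting logic from the thread, as an added example that is not from the posters or from the product: an in-memory SQLite table stands in for the Insight database so the threshold and window can be checked offline. Only the table and column names come from the query above; the sample rows, the 'Passed' status value and the role names are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

THRESHOLD = 5                      # as in the thread: HAVING COUNT(*) > 5
WINDOW = timedelta(hours=1)        # as in the thread: interval '1 hour'
NOW = datetime(2021, 1, 1, 12, 0)  # fixed clock so the sample is repeatable

def build_sample_db(now=NOW):
    """SQLite stand-in; only the table and column names come from the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth (auth_username TEXT, auth_status TEXT, timestamp TEXT)")
    rows = []  # constructed sample events
    # alice: 6 failures inside the window -> over the threshold
    rows += [("alice", "Failed", now - timedelta(minutes=5 * i)) for i in range(1, 7)]
    # bob: exactly 5 failures inside the window -> not matched by "> 5"
    rows += [("bob", "Failed", now - timedelta(minutes=10 * i)) for i in range(1, 6)]
    # carol: 8 failures, all older than the window -> ignored
    rows += [("carol", "Failed", now - timedelta(hours=2, minutes=i)) for i in range(8)]
    # dave: only successful logins ('Passed' is a constructed status value)
    rows += [("dave", "Passed", now - timedelta(minutes=i)) for i in range(1, 10)]
    conn.executemany("INSERT INTO auth VALUES (?, ?, ?)",
                     [(u, s, t.isoformat(sep=" ")) for u, s, t in rows])
    return conn

def _cutoff(now):
    # ISO timestamps in one fixed format sort correctly as strings
    return (now - WINDOW).isoformat(sep=" ")

def flagged_users(conn, now=NOW):
    """Same shape as the thread's query: every user over the threshold."""
    cur = conn.execute(
        "SELECT auth_username FROM auth WHERE auth_status = 'Failed' "
        "AND timestamp > ? GROUP BY auth_username HAVING COUNT(*) > ? "
        "ORDER BY auth_username", (_cutoff(now), THRESHOLD))
    return [row[0] for row in cur]

def recent_failures(conn, username, now=NOW):
    """Per-user count, bound as a parameter rather than pasted into the SQL."""
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM auth WHERE auth_username = ? "
        "AND auth_status = 'Failed' AND timestamp > ?",
        (username, _cutoff(now))).fetchone()
    return count

def role_for(conn, username, now=NOW):
    """Hypothetical role names; the decision mirrors the '> 5' comparison."""
    return "quarantine" if recent_failures(conn, username, now) > THRESHOLD else "normal"
```

With `> 5` a user is flagged on the sixth failure inside the window; use `>= 5` if the fifth failure should already change the role.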