Credential stuffing attack

Credential stuffing is a method of hacking a system by injecting breached username and password pairs in an attempt to fraudulently gain access to user accounts. The Security Incidents: credential stuffing attack policy helps identify possible credential stuffing attacks.

The Security Incidents: credential stuffing attack policy contains the following rules:
Prerequisite - Configure credential stuffing attack detection
This rule configures the credential stuffing attack detection.
Prerequisite: The server IP address in the Production Server group must be populated. By default, the group is set to %.
Note: If you populate the group with your own environment information, remove the % from the production server IP groups.
Credential stuffing attack detection
This rule detects credential stuffing attacks. If an attack is found, the rule generates a security incident.
This rule generates exception messages in the Security Incident report when the number of login failures within the overall number of monitored sessions reaches a calculated threshold.
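
The following sketch is an added example, not the product's own code. It shows how the detection described above could be evaluated over one monitoring interval, and how the contents of the Production Server group change the result. The threshold formula (baseline mean plus three standard deviations), the `min_sessions` cutoff, the treatment of `%` as a match-all wildcard, and all function names and sample data are assumptions made for illustration.

```python
import re
from statistics import mean, pstdev

def in_group(server_ip, group):
    """True if server_ip matches a group member; '%' is treated as a wildcard (assumption)."""
    for member in group:
        pattern = ".*".join(re.escape(part) for part in member.split("%"))
        if re.fullmatch(pattern, server_ip):
            return True
    return False

def calculated_threshold(baseline_ratios, k=3.0):
    """Assumed formula: baseline mean + k standard deviations (not the product's own)."""
    return mean(baseline_ratios) + k * pstdev(baseline_ratios)

def evaluate(sessions, group, baseline_ratios, min_sessions=20):
    """sessions: list of (server_ip, login_succeeded) seen in one monitoring interval."""
    scoped = [ok for ip, ok in sessions if in_group(ip, group)]
    failures = scoped.count(False)
    ratio = failures / len(scoped) if scoped else 0.0
    limit = calculated_threshold(baseline_ratios)
    return {
        "sessions": len(scoped),
        "failures": failures,
        "ratio": ratio,
        "threshold": limit,
        # Require a minimum sample so a handful of failed logins cannot trip the rule.
        "incident": len(scoped) >= min_sessions and ratio >= limit,
    }

# Constructed sample interval: 100 sessions to a production server (8 failed logins)
# and 400 successful sessions to a non-production server.
SESSIONS = ([("10.0.0.5", False)] * 8 + [("10.0.0.5", True)] * 92
            + [("192.168.1.9", True)] * 400)
# Constructed failure ratios from earlier intervals, used as the baseline.
BASELINE = [0.02, 0.03, 0.025, 0.04, 0.03]

if __name__ == "__main__":
    for group in (["10.0.0.5"], ["%"]):
        print(group, evaluate(SESSIONS, group, BASELINE))
```

With the group left at `%`, the non-production sessions are counted in the overall total and the failure ratio in this sample falls below the threshold. With only the production server in the group, the same interval raises an incident.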