Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide 'too many failed authentication attempts' security alert #253

Open
stijnmoreels opened this issue Sep 29, 2021 · 3 comments
Open

Provide 'too many failed authentication attempts' security alert #253

stijnmoreels opened this issue Sep 29, 2021 · 3 comments
Labels
area:security All issues related to security enhancement New feature or request
Milestone
v2.1.0

Comments

@stijnmoreels
Copy link
Member

Is your feature request related to a problem? Please describe.
We already write a security event upon successful van failed authentication, but we do nothing we possible malicious activity that could be detected with too many failed authentication attempts.

Describe the solution you'd like
We should consider adding a configurable threshold that will track a security alert when too many failed authentications are being monitored.

Describe alternatives you've considered
This could also reflect in the HTTP response, but maybe in a later phase.
@stijnmoreels stijnmoreels added enhancement New feature or request area:security All issues related to security labels Sep 29, 2021
@stijnmoreels stijnmoreels added this to the v1.5.0 milestone Sep 29, 2021
@fgheysels
Copy link
Member

Would it be possible to disable this as well ?

@stijnmoreels
Copy link
Member Author

Would it be possible to disable this as well ?

Yes, of course, will like the general security events probably an opt-in feature.

@stijnmoreels stijnmoreels modified the milestones: v1.5.0, v1.6.0 Mar 25, 2022
@stijnmoreels stijnmoreels modified the milestones: v1.6.0, v2.0 Jun 24, 2022
@stijnmoreels
Copy link
Member Author

Prioritizing .NET 8 support, moving to v2.1.

@stijnmoreels stijnmoreels modified the milestones: v2.0, v2.1.0 Dec 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:security All issues related to security enhancement New feature or request
Projects
None yet
Milestone
v2.1.0
Development

No branches or pull requests
2 participants
@fgheysels @stijnmoreels