Brute Force IPs
Overview
Brute Force IPs highlights IP addresses associated with repeated failed login attempts.
What this feature does
It helps security teams identify sources that may be trying to guess passwords or attack multiple accounts.
Why it is useful
- It helps prioritize IPs for review or blocking.
- It supports incident response.
- It connects authentication data to actionable security decisions.
Who should read this?
RISE Admin, Security Officer, Server Administrator.
Where to find it
Rise Audit Pro → Security Dashboard → Brute Force IPs section.
How to use it
- Open Security Dashboard.
- Review the Brute Force IPs section.
- Open related Auth Log events.
- Check whether the IP targeted one user or several users.
- Block, monitor, or escalate based on your policy.
Example workflow
An IP address shows repeated failed attempts against multiple admin accounts. The server administrator blocks it at the firewall and documents the incident.
Screenshot
Screenshot required
Capture from: Rise Audit Pro → Security Dashboard → Brute Force IPs
Capture from: Rise Audit Pro → Security Dashboard → Brute Force IPs
Common mistakes
- Blocking an IP without checking whether it belongs to a legitimate office network.
- Assuming the plugin replaces server-level security tools.
- Not documenting why an IP was blocked.
Related articles
- Brute Force Detection
- IP and Country Lookup
- Failed Login Monitoring
