Failed Login Monitoring
Overview
Failed login monitoring helps administrators identify repeated failed access attempts and possible account attack patterns.
What this feature does
It turns failed authentication records into actionable security information by allowing admins to filter, review, and compare attempts.
Why it is useful
- It helps detect password guessing.
- It helps identify targeted users.
- It supports blocking, password reset, or account review decisions.
Who should read this?
RISE Admin, Security Officer, System Owner.
Where to find it
Rise Audit Pro → Auth Log and Rise Audit Pro → Security Dashboard.
How to use it
- Open Auth Log.
- Filter failed login events.
- Group or review by IP address, user, country, or time.
- Check Security Dashboard for brute force summaries.
- Take action based on the severity of the pattern.
Example workflow
An admin sees repeated failed attempts against the same staff account from one IP. They verify the staff member was not attempting to log in and then escalate the issue.
Screenshot
Screenshot required
Capture from: Rise Audit Pro → Auth Log → Failed login filter
Capture from: Rise Audit Pro → Auth Log → Failed login filter
Common mistakes
- Only checking failed logins after a confirmed incident.
- Not reviewing the same IP across multiple accounts.
- Leaving weak passwords unchanged after repeated failures.
Related articles
- Brute Force Detection
- Security Dashboard Overview
- User Risk Scores
