Failed Logins in the Last 24 Hours
Overview
The failed logins indicator shows recent failed authentication attempts, often focused on the last 24 hours.
What this feature does
It helps administrators see whether failed login activity is increasing or requires investigation.
Why it is useful
- It helps detect active attacks.
- It gives a short-term security signal.
- It helps support teams distinguish between user mistakes and suspicious repeated attempts.
Who should read this?
RISE Admin, Security Officer, Support Manager.
Where to find it
Rise Audit Pro → Security Dashboard and Auth Log.
How to use it
- Open Security Dashboard.
- Review the failed login count.
- Open Auth Log for detailed failed attempts.
- Filter by IP address, user, or country.
- Take action if the pattern looks suspicious.
Example workflow
A sudden spike in failed logins during the night leads the admin to check Auth Log and block the attacking IP at the firewall.
Screenshot
Screenshot required
Capture from: Rise Audit Pro → Security Dashboard → Failed Logins 24h
Capture from: Rise Audit Pro → Security Dashboard → Failed Logins 24h
Common mistakes
- Ignoring failed logins because no successful login happened.
- Not checking whether the same IP is targeting multiple users.
- Treating all failed logins as malicious without checking context.
Related articles
- Failed Login Events
- Failed Login Monitoring
- Brute Force Detection
