/!\ Only in Lab context /!\ Performing tests on your Alsid for AD Lab you are trying to trigger the IoE Brute Force Attack Detection, with a spraying attack using spraying scripts or other tools. Despite your multiple attempts, Spraying is not detected in deviance on the targeted objects. You only see " Failed authentication" several times in Trailflow:
The Brute force Attack Detection IoE, for the spraying part, is based (among other things) on the number of badPwdCount
, from "zero"
. Thus, the lab environment with no "real" or "alive"
active members (who like on any AD, connect regularly
and therefore, reset their badPwdCount
to zero) the strategy of the checker, cannot target the conditions and raise the deviance on a second test try (or on a "non-active" user with a badPwdCount >0)
So this is not an issue, But context linked.