Huawei Successive different Location Logons
About the rule
Rule Type
Standard
Rule Description
Detects successive Huawei VPN logons from different locations: more than two distinct IP_ADDRESS_COUNTRY values within a 5-minute window.
Severity
Critical
Rule Requirement
Criteria
Action1: actionname = "huaweivpnlogon" | timewindow 5m | having DCOUNT(IP_ADDRESS_COUNTRY) > 2 select Action1.timewindow.MESSAGE,Action1.timewindow.HOSTNAME,Action1.timewindow.USERNAME,Action1.timewindow.SOURCE_IP,Action1.timewindow.DEST_IP,Action1.timewindow.C_IP_COUNTRY,Action1.timewindow.IP_ADDRESS_COUNTRY
Detection
Execution Mode
realtime
Log Sources
Miscellaneous
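Added example (not the product's code or part of this rule): the Criteria above evaluated in Python over constructed huaweivpnlogon events, useful for checking what the rule will and will not fire on. Tracking the 5-minute window per USERNAME, skipping events with no resolved country, and alerting once per burst are assumptions; the rule text names no grouping field.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # "timewindow 5m"
THRESHOLD = 2                  # "DCOUNT(IP_ADDRESS_COUNTRY) > 2"

# Constructed huaweivpnlogon events: (time, USERNAME, SOURCE_IP, IP_ADDRESS_COUNTRY)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "alice", "198.51.100.10", "DE"),
    ("2024-05-01T09:00:00", "bob",   "192.0.2.20",    "US"),
    ("2024-05-01T09:00:00", "carol", "203.0.113.30",  "FR"),
    ("2024-05-01T09:01:30", "alice", "203.0.113.11",  "BR"),
    ("2024-05-01T09:02:00", "bob",   "192.0.2.21",    "CA"),
    ("2024-05-01T09:03:10", "alice", "192.0.2.12",    "SG"),  # 3rd country in 5m
    ("2024-05-01T09:04:00", "alice", "192.0.2.12",    "SG"),  # same burst
    ("2024-05-01T09:04:00", "carol", "203.0.113.31",  "JP"),
    ("2024-05-01T09:04:30", "bob",   "192.0.2.22",    None),  # GeoIP lookup failed
    ("2024-05-01T09:07:00", "carol", "203.0.113.32",  "IN"),  # FR has aged out
]

def detect(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per burst where a user logs on from > threshold countries."""
    recent = defaultdict(deque)  # assumption: the window is tracked per USERNAME
    alerting = set()             # users already alerted for the current burst
    alerts = []
    for ts, user, ip, country in sorted(events, key=lambda e: e[0]):
        if not country:          # assumption: unresolved GeoIP is not a country
            continue
        now = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((now, ip, country))
        while now - q[0][0] > window:   # drop logons older than the window
            q.popleft()
        countries = sorted({c for _, _, c in q})
        if len(countries) <= threshold:
            alerting.discard(user)
        elif user not in alerting:
            alerting.add(user)
            alerts.append({"time": ts, "user": user, "countries": countries,
                           "source_ips": sorted({i for _, i, _ in q})})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because the condition is strictly greater than 2, a user seen in exactly two countries inside the window (bob in the sample) does not alert, and neither does carol, whose third country arrives after the first logon has left the window.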


