Alex, Thank you for your reply,
However, 1, 2 & 3 are all for the same event, not different events. The problem is that during a pentest I would never know what this password could be.
The attack in general is named a password spray attack. It could be used on different protocols: ssh, rdp, rlogin and any web application that can accept usernames and passwords, and so on.
On Wednesday, May 16, 2018, 10:37:02 AM PDT, Alex McDonnell <email@example.com> wrote:
You can do number 1 yourself using the detection_filter rule option. For number 2 you have the details of what that is, but unless you know the password, you can't detect the same password being used over and over.