Interesting, but from the article I haven't understood how they actually managed to group together the 24 Users Targeted in 1 Week and understand this was a malicious attack.
The 24 users being targeted in 1 week is one of many signals we use under the hood - it's rarely a single signal that allows us to definitively conclude whether something is an attack or not. In this case, it was also suspicious that this user had never seen any logins from Mexico before and had no documented reasons to be using a datacenter in Mexico.
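The multi-signal idea in the reply above, sketched as an added example; it is not part of the thread and not Petra's detection logic. Grouping the "users targeted" count by source IP, the 7-day window, both thresholds, the event field names and the sample data are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumptions for illustration (none of these values come from the thread):
WINDOW = timedelta(days=7)   # look-back for the "many users" signal
MANY_USERS = 20              # distinct users per source IP that counts as "many"
MIN_SIGNALS = 2              # never flag on a single signal

def signals_for(event, history):
    """Return the names of the signals that fire for one sign-in event."""
    fired = set()
    # Signal 1: the user has history, but none from this country.
    seen = {e["country"] for e in history if e["user"] == event["user"]}
    if seen and event["country"] not in seen:
        fired.add("new_country")
    # Signal 2: the source is a hosting/datacenter network.
    if event["datacenter"]:
        fired.add("datacenter_source")
    # Signal 3: the same source IP touched many distinct users in the window.
    since = event["time"] - WINDOW
    users = {e["user"] for e in history
             if e["ip"] == event["ip"] and since <= e["time"] <= event["time"]}
    users.add(event["user"])
    if len(users) >= MANY_USERS:
        fired.add("source_targets_many_users")
    return fired

def is_suspicious(event, history):
    """Flag only when several independent signals agree."""
    return len(signals_for(event, history)) >= MIN_SIGNALS

def build_sample():
    """Constructed sample data; IPs are from documentation ranges."""
    t0 = datetime(2024, 1, 1, 9, 0)
    # alice's normal pattern: five residential sign-ins from the US
    history = [{"time": t0 + timedelta(days=d), "user": "alice",
                "ip": "198.51.100.7", "country": "US", "datacenter": False}
               for d in range(5)]
    # 23 other users hit from one hosting IP during the same week
    history += [{"time": t0 + timedelta(hours=6 * i), "user": f"user{i}",
                 "ip": "203.0.113.50", "country": "MX", "datacenter": True}
                for i in range(23)]
    return t0, history

if __name__ == "__main__":
    t0, history = build_sample()
    login = {"time": t0 + timedelta(days=6), "user": "alice",
             "ip": "203.0.113.50", "country": "MX", "datacenter": True}
    print(sorted(signals_for(login, history)), is_suspicious(login, history))
```

A sign-in that trips only `new_country`, such as a residential login while travelling, stays below `MIN_SIGNALS` and is not flagged.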
Hi, what tool are the screenshots from?
Great question. The screenshots are from the product we've been building at Petra. If you'd like to give it a whirl, drop me a note at adithya [at] petrasecurity.com.