Failure login event id 4625

Hi is it possible to get a script of some sorts on an event 4625 “Failure to login” more than 3 times to ban an ip address in the firewall to create a blocking?

for instance Audit Failure in the event ID 4625.

from an ip in france trying to hack the rdp port on our server can we block using the firewall as an extra rule please.

Hi @monster-it ,

We will have our script developers review your request and keep you posted with the update via this forum page.

Kind Regards,

Hi @monster-it,

Please check the attached script for your request and provide your feedback

Note: Turn on Windows Firewall

Run as System User

Tested in Windows 10 OS environment

Kind Regards,

brute_force_attack.json (7.91 KB)