Hi is it possible to get a script of some sorts on an event 4625 “Failure to login” more than 3 times to ban an ip address in the firewall to create a blocking?
for instance Audit Failure in the event ID 4625.
from an ip in france trying to hack the rdp port on our server can we block using the firewall as an extra rule please.
Hi @monster-it ,
We will have our script developers review your request and keep you posted with the update via this forum page.
Kind Regards,
PremJK
Hi @monster-it,
Please check the attached script for your request and provide your feedback
Note: Turn on Windows Firewall
Run as System User
Tested in Windows 10 OS environment
Kind Regards,
PremJK
brute_force_attack.json (7.91 KB)