I was wondering if there is a way to temporarily ban an IP or even a user profile who entered its password wrong for N time.
In general, is there a way to monitor user login attempts and automatically act upon it?
For simply monitoring login attempts, I highly recommend this blog post (starting from "Using Filebeat to ingest Elasticsearch audit logs") and the security audit docs that it links to.
I believe we don't offer login rate limiting at the time, but you can track the development of the issue here.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.