Monitor failed elastic user logins

I was wondering if there is a way to temporarily ban an IP or even a user profile who entered its password wrong for N time.
In general, is there a way to monitor user login attempts and automatically act upon it?

For simply monitoring login attempts, I highly recommend this blog post (starting from "Using Filebeat to ingest Elasticsearch audit logs") and the security audit docs that it links to.

I believe we don't offer login rate limiting at the time, but you can track the development of the issue here.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.