Is it possible that a single failed login attempt can generate multiple logs, where the only difference is a millisecond in their timestamps, so that it looks like an automated attack?
Hi @rey_espinosa, welcome to the community.
Apologies, could you provide a little more detail? It's not clear exactly what you're talking about.
Are you referring to a failed login to elasticsearch and you're looking at the audit logs?
What exactly are you referring to, what logs are you referring to, and could you provide some samples?
Yes, when I look at the O365 environment and check the logs, it seems like there is an automated attack due to the multiple failed logs I've seen, but when I ask the client, they say they only made 1 failed attempt.