Alert title: “Successful login from blacklisted IP address”
Description: Alerts if a successful login is made from an IP address which matches the blacklists we check against.
Options:
- It is possible to ignore a specific IP address
The problem: This alert is triggered when a successful login is detected from a blacklisted IP address. This is an indicator of suspicious activity.
Impact: If it was not one of your team members, then it may be an indication of an account breach (intrusion).
Suggested steps: Engage a technician to confirm that the alert is accurate. Change passwords for all impacted services, and for any other services where the same password is shared (make sure you have a unique password per service). Undertake any required steps advised by a suitable technician.
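To help a technician confirm the alert, the check it describes can be reproduced over your own authentication logs. This is an added example, not the alerting product's own code. The OpenSSH-style log format, the blacklist entries (documentation address ranges), and the ignore list are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed blacklist (RFC 5737 documentation ranges), not a real feed.
BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed stand-in for the alert's "ignore a specific IP address" option.
IGNORED_IPS = {ipaddress.ip_address("203.0.113.10")}

# Assumed log format: OpenSSH "Accepted <method> for <user> from <ip>" lines.
ACCEPTED = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample log lines.
SAMPLE_LOG = """\
Mar  3 09:14:02 host sshd[811]: Failed password for root from 203.0.113.45 port 40022 ssh2
Mar  3 09:14:09 host sshd[811]: Accepted password for alice from 203.0.113.45 port 40031 ssh2
Mar  3 09:20:11 host sshd[902]: Accepted publickey for bob from 192.0.2.8 port 51100 ssh2
Mar  3 09:31:47 host sshd[950]: Accepted password for carol from 203.0.113.10 port 60210 ssh2
Mar  3 09:40:05 host sshd[977]: Accepted password for dave from 198.51.100.7 port 33321 ssh2
Mar  3 09:41:00 host sshd[980]: Accepted password for erin from not-an-ip port 1 ssh2
"""

def find_blacklisted_logins(log_text, blacklist=BLACKLIST, ignored=IGNORED_IPS):
    """Return (user, ip, matched_network) for each successful login from a listed IP."""
    alerts = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed logins and unrelated lines never raise this alert
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field: skip rather than crash
        if ip in ignored:
            continue  # operator chose to ignore this address
        for net in blacklist:
            if ip in net:  # always False when IP versions differ
                alerts.append((m.group("user"), str(ip), str(net)))
                break
    return alerts

if __name__ == "__main__":
    for user, ip, net in find_blacklisted_logins(SAMPLE_LOG):
        print(f"ALERT successful login user={user} ip={ip} matched={net}")
```

The failed attempt from the same listed address just before alice's successful login is the kind of surrounding context worth reviewing when deciding whether the login was a team member.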