How do you detect unauthorized access?

Community Alums · ‎04-24-2022

To detect that we are under attack, we would like to detect a certain number of failed login attempts within a certain time period and have an email notification.
(e.g., if there are accounts that have failed to log in 100 times within 5 minutes)
Is it possible to implement this with just a notification setting?
If it is necessary to set up a script, we would like to know how to do so.

Community Alums · ‎04-24-2022

Hi @NickFishFresh ,

Two script actions are available that enable a site administrator to manage the number of times a user can provide an incorrect password before being locked out from the Now Platform. You can enable either of these script actions to manage failed login attempts.

Navigate to System Policy > Script Actions.
Search for the name *SNC User.
To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.

To send a Notification for failed attempts :

Mark my answer correct & Helpful, if Applicable.

Thanks,

Sandeep

元の投稿で解決策を見る

Anshu_Anand_ · ‎04-24-2022

glide.user.max_unlock_attempts property is used to set the limit for failed login attempts.

https://docs.servicenow.com/bundle/paris-servicenow-platform/page/administer/security/task/t_Lockout...

These article will help in guiding you

https://community.servicenow.com/community?id=community_question&sys_id=b35ecfeddb9cdbc01dcaf3231f96...

Hope its helpful

Regards,
Anshu

Community Alums · ‎04-24-2022