
Protect FromBruteforce

nneeoo edited this page Feb 10, 2022 · 4 revisions

The script checks the logs and adds IP addresses to the firewall rule depending on the specified parameters. The Protect-FromBruteforce cmdlet returns the instances of IPAddress that match the search parameters.

Protect-FromBruteforce
[-Attempts <int>]
[-Last <float>]
[-SMB]
[-RDP]
[-WinRM]
[-WhatIf]

Description

List of parameters for Protect-FromBruteforce:

Attempts specifies the number of successful logins required to add an IP address to the whitelist.

Last specifies the time period in hours for which the log should be fetched.

SMB adds IP addresses from the log in the specified selection to the standard SMB rules.

RDP adds IP addresses from the log in the specified selection to the standard remote desktop rules.

WinRM adds IP addresses from the log in the specified selection to the standard WinRM rules.

WhatIf shows the result of execution without creating or changing firewall rules.
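
The selection that Attempts and Last describe can be sketched as follows. This is an added example, not the project's own code: the function name Select-AllowListCandidate, its parameters, the record fields and the sample records are all constructed here, and the records are assumed to stand in for successful-logon events (such as Security log event 4624), which this page does not name.

```powershell
# Added illustration; names and sample data are constructed, not taken from the project.
function Select-AllowListCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $LogonRecord,  # objects with TimeCreated and IpAddress
        [int]      $Attempts = 1,                        # minimum successful logins per address
        [double]   $Last     = 24,                       # look-back window in hours
        [datetime] $Now      = (Get-Date)
    )
    $cutoff = $Now.AddHours(-$Last)
    $LogonRecord |
        Where-Object { $_.TimeCreated -ge $cutoff } |
        Where-Object {
            # Local and service logons carry no usable source address; skip them,
            # along with loopback and anything that does not parse as an IP address.
            $parsed = $null
            $_.IpAddress -notin @('-', '', '127.0.0.1', '::1') -and
                [System.Net.IPAddress]::TryParse($_.IpAddress, [ref]$parsed)
        } |
        Group-Object -Property IpAddress |
        Where-Object { $_.Count -ge $Attempts } |
        ForEach-Object { [pscustomobject]@{ IPAddress = $_.Name; Logins = $_.Count } }
}

# Constructed sample records (documentation address ranges, fixed reference time).
$now = [datetime]'2022-02-10T12:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $now.AddMinutes(-10); IpAddress = '203.0.113.7' }
    [pscustomobject]@{ TimeCreated = $now.AddMinutes(-50); IpAddress = '203.0.113.7' }
    [pscustomobject]@{ TimeCreated = $now.AddHours(-3);    IpAddress = '198.51.100.20' }
    [pscustomobject]@{ TimeCreated = $now.AddHours(-30);   IpAddress = '192.0.2.99' }  # older than 24 h
    [pscustomobject]@{ TimeCreated = $now.AddMinutes(-5);  IpAddress = '-' }           # no source address
)

# Default selection: at least one login in the last 24 hours.
Select-AllowListCandidate -LogonRecord $sample -Now $now

# Stricter selection: at least two logins in the last hour.
Select-AllowListCandidate -LogonRecord $sample -Now $now -Attempts 2 -Last 1
```

Running the cmdlet itself with -WhatIf, as documented above, previews the selected addresses before any firewall rule is changed.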

Examples

Example 1: Simple

It displays IP addresses that have had at least one successful login in the last 24 hours and adds them to the default RDP firewall rule.

Protect-FromBruteforce

Example 2: With parameters

It displays IP addresses that have had at least one successful login in the last hour and adds them to the default RDP firewall rule.

Protect-FromBruteforce -Attempts 1 -Last 1

Example 3: Add IP address into RDP, SMB, and WinRM firewall rules

It displays IP addresses that have had at least one successful login in the last 24 hours and adds them to the default RDP, WinRM and SMB firewall rules.

Protect-FromBruteforce -RDP -SMB -WinRM