Question 4 of 10
Describe how you would use SIEM search queries to investigate a suspected brute-force attack. What fields would you search for, and what patterns would you look for?
Sample answer preview
Investigating a suspected brute-force attack through SIEM queries involves a systematic approach where I progressively narrow down the data to confirm or deny the attack and understand its scope.
Tags: SIEM queries, brute-force detection, Event ID 4625, Event ID 4624, credential stuffing, account lockout