Failed Login Check

On macOS devices, the Failed Login Check queries the secure.log file to identify the total number of unsuccessful login attempts on the monitored device over the past 24 hours. If the number of discovered Events exceeds the configured threshold, the Check fails.

When a check is added or edited, the new settings are downloaded to the Agent the next time it communicates back to the N-sight RMM Dashboard and they are applied when the check runs after that.

The Failed Login Check results are available in the South-pane Checks tab. The More Information column displays the total number of Failed Logins recorded over the last 24 hours.

Check configuration

Add

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. In the South-pane Checks tab, click Add Check
  3. Select Add DSCFailed Login Check
  4. Enter the Threshold

    When you set the threshold for the Failed Login Check, we recommend you decide how many failed attempts constitutes an abnormal amount.

    Work with your customer to determine a suitable number of failed logins as a baseline, and configure the threshold such that if the baseline is exceeded, the check fails and sends an alert.

  5. To run an Automated Task when the Check fails, choose Assign a Task after creating the Check
  6. Click OK to save and apply
  7. If you selected Assign a Task after creating the Check:
    1. Select the Automated Task script and select Next to configure. The following example is for Windows Automated Tasks. Other task options display for Linux and macOS devices.

    2. Enter any required Command Line parameters or Script parameters and select Next.
    3. Set maximum permitted execution time for the script (optional).
    4. Select Finish to save and apply.

Edit

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. Go to the Checks tab
  3. Right-click the target Failed Login Check and select Edit Check
  4. Edit the settings
  5. Click OK to save and apply

Delete

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. Go to the Checks tab
  3. Right-click the target Failed Login Check and select Delete Check
  4. Enter the password you used to sign into N-sight RMM to confirm removal
  5. Click OK to delete