Login Security - Remote Login
The remote login security detection can detect the source IP of each login attempt, record the source address, country, province, and city, and audit legitimate and illegitimate login attempts by combining with a whitelist.
Detection Principle
After installing the Agent, the first login location will be set as the usual login location by default, and it will start monitoring login security logs. The new logs will be uploaded to the cloud for storage. If a login from a location different from the first login is detected, it will be marked as a remote login, triggering an event alert.
Detection Cycle
- Real-time detection: An alert will be triggered immediately once a remote login (from an IP address not on the whitelist) is detected.
- Real-time logging: New login logs are uploaded to the cloud storage in real-time. The logs are retained for 6 months and will be deleted after expiration.
Detection Items
| Detection Item | Description |
|---|---|
| Remote Login | Refers to login attempts from an uncommon location |