> For the complete documentation index, see [llms.txt](https://ztrust.gitbook.io/ztrust-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v4.1/4.-admin-manual/4.30-set-up-brute-force-detection-feature.md).

# 4.30 Set up Brute Force Detection feature

This feature enables ZTrust to detect brute force attacks, where attackers use trial and error techniques to discover correct credentials. ZTrust can identify and prevent such unauthorized access attempts. In case of detection, customized notification emails are sent to the IT Security Team or System Administrator whenever multiple failed attempts originate from a single IP Address.

Steps to be followed to set up Brute Force Detection feature -

1. Go to Realm Settings.

   <figure><img src="/files/drgcok3DOTnDwyEjUKx1" alt=""><figcaption><p>Fig 4.29.a: Navigating to Realm Settings</p></figcaption></figure>
2. Click on Security Defenses.

<figure><img src="/files/nIcrL2ZENF5uSRWySZG1" alt=""><figcaption><p>Fig 4.29.b: Navigating to Security defenses tab</p></figcaption></figure>

3. Click on Brute Force Detection.

<figure><img src="/files/xAK9svXTKsYrWnq4g9uK" alt=""><figcaption><p>Fig 4.29.c: Navigating to Brute force detection sub tab of Security defenses tab</p></figcaption></figure>

<table><thead><tr><th width="147">Field Name</th><th width="191">Mandatory (Yes/No)</th><th width="122">Field Type</th><th>Description</th></tr></thead><tbody><tr><td>Brute Force Mode</td><td>Yes</td><td>dropdown</td><td>Select the most preferable option from the dropdown according to your needs.</td></tr></tbody></table>

<figure><img src="/files/jdcVzi4O4ZyEZIRQVOzO" alt=""><figcaption><p>Fig 4.29.d: Brute force mode</p></figcaption></figure>

4. Provide the details for the following according to your organization standards -

<table><thead><tr><th width="205">Field Name</th><th width="192">Mandatory (Yes/No)</th><th width="109">Field Type</th><th>Description</th></tr></thead><tbody><tr><td>Max Login Failures</td><td>Yes</td><td>Text</td><td>Maximum number of login attempts permitted for a user if incorrect credentials are provided.</td></tr><tr><td>Wait Increment</td><td>Yes</td><td>Text</td><td>Duration after which the account will be unlocked to enable the user to log in again after the maximum number of failed attempts</td></tr><tr><td>Max wait</td><td>Yes</td><td>Text</td><td>Time after which it allows logging in again in case of a quick login failure.</td></tr><tr><td>Failure Reset Time</td><td>Yes</td><td>Text</td><td>Duration after which the count of failed login attempts will be reset to zero</td></tr><tr><td>Quick Login Check Milliseconds</td><td>Yes</td><td>Text</td><td>Recommended to verify if the login attempts are not from a bot. The time elapsed between the first failed login and the second failed login.</td></tr><tr><td>Minimum Quick Login Wait</td><td>Yes</td><td>Text</td><td><p>It represents the waiting period or the duration the user must wait after a rapid login failure.</p><p><br></p></td></tr></tbody></table>

All the above mentioned details are customizable and can be adjusted to align with the organization's standards.

5. Click on Save.

The Brute Force Detection feature will now be enabled.

<br>
