The script checks the logs and adds IP addresses to the firewall rules depending on the specified parameters.
```Powershell
Protect-Bruteforce
    [-Attempts <UInt16>]
    [-Last <UInt16>]
    [-SMB]
    [-RDP]
    [-WinRM]
    [-WhatIf]
```
List of parameters for Protect-Bruteforce:
- Attempts
- Last
- SMB
- RDP
- WinRM
- WhatIf
Attempts specifies the number of successful logins required before an IP address is added to the whitelist.
Last specifies the time period in hours for which the log should be fetched.
SMB adds IP addresses from the log in the specified selection to the standard SMB rules.
RDP adds IP addresses from the log in the specified selection to the standard remote desktop rules.
WinRM adds IP addresses from the log in the specified selection to the standard WinRM rules.
WhatIf shows the result of execution without creating or changing firewall rules.
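
The selection that Attempts and Last describe can be reviewed before any rule is changed. The following is an added example, not the module's own code: it assumes successful logins are taken from Security log event ID 4624, and the function name `Get-SuccessfulLogonSource` is hypothetical. It only reads the log and lists the source addresses that meet the threshold, so the list can be checked before those addresses are added to a firewall rule.

```powershell
# Added example, not part of Protect-Bruteforce. Assumption: successful logons
# are read from the Security log (event ID 4624). Run from an elevated session.
function Get-SuccessfulLogonSource {
    [CmdletBinding()]
    param(
        [UInt16]$Attempts = 1,   # minimum successful logons per address
        [UInt16]$Last = 24       # look-back window in hours
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = (Get-Date).AddHours(-[int]$Last)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the named EventData fields of each event into a hashtable.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                IpAddress   = $data['IpAddress']
                LogonType   = $data['LogonType']
                Account     = $data['TargetUserName']
            }
        } |
        # Drop local and empty sources: '-', loopback, and blank values.
        Where-Object { $_.IpAddress -and $_.IpAddress -notin '-', '::1', '127.0.0.1' } |
        Group-Object IpAddress |
        Where-Object { $_.Count -ge $Attempts } |
        ForEach-Object {
            [pscustomobject]@{
                IpAddress  = $_.Name
                Logons     = $_.Count
                LogonTypes = ($_.Group.LogonType | Sort-Object -Unique) -join ','
                Accounts   = ($_.Group.Account | Sort-Object -Unique) -join ','
                LastSeen   = ($_.Group.TimeCreated | Measure-Object -Maximum).Maximum
            }
        } |
        Sort-Object Logons -Descending
}

Get-SuccessfulLogonSource -Attempts 1 -Last 24 | Format-Table -AutoSize
```

An address that appears here with a single logon from an unexpected account is worth investigating before it is trusted, since one successful login is also what a guessed password looks like.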
The module displays IP addresses that have had at least one successful login in the last 24 hours.
```Powershell
Protect-Bruteforce
```
The module adds outputs
```Powershell
Protect-Bruteforce -Attempts 1 -Last 1
```
#### Example 3: RDP, SMB, and WinRM Protection
The module adds IP addresses with at least one successful login in the last 24 hours to the standard firewall rules for remote desktop, SMB, and WinRM.
```Powershell
Protect-Bruteforce -RDP -SMB -WinRM
```