One of our customers is using Advanced ETL Processor to stop brute force attacks on their Windows SFTP server.

Here is how it works:

  • Every time a malicious user tries to connect to the server, the IP address is written to the Windows event log.
  • Advanced ETL Processor scans the event log and saves a list of IP addresses to a text file.
  • Advanced ETL Processor executes a PowerShell script that blocks the IP addresses in Windows Firewall.

Windows event log message

To view the example, follow the steps below:

  • Download and install Advanced ETL Processor [Link]
  • Download and unzip the example [Link]
  • Create a new directory and call it Scripts

Directory 

  • Create a new transformation and open the .ats file

extract ip address

  • Double-click on the Reader object and select the computer name

data reader

  • Double-click on the Writer object and set the connection name to "Script"
  • Save the transformation
  • Create a new package and open the .wfp file

update windows firewall workflow

  • Double-click on the transformation and select 0013 Extract IP Addresses

transformation properties

  • Run the package by pressing the green arrow.
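
The PowerShell step described above could look like the following. This is an added example, not the script shipped with the product or the downloadable example; the list path, rule name and allowlist are assumptions to adjust for your environment.

```powershell
# Added example (not the vendor's script). Run from an elevated PowerShell session.
# The path, rule name and allowlist below are assumed placeholder values.
param(
    [string]$IpListPath  = 'C:\Scripts\blocked_ips.txt',  # assumed file written by the ETL step
    [string]$RuleName    = 'SFTP brute force block',      # assumed firewall rule name
    [string[]]$AllowList = @('127.0.0.1')                 # addresses that must never be blocked
)

# Parse every line strictly as an IP address. The values originate from log
# fields an attacker can influence, so blanks, malformed text and
# non-canonical forms are skipped instead of being passed to the firewall.
$candidates = foreach ($line in Get-Content -Path $IpListPath) {
    $text   = $line.Trim()
    $parsed = $null
    if ($text -and [System.Net.IPAddress]::TryParse($text, [ref]$parsed) -and
        $parsed.ToString() -eq $text) {
        $text
    }
}

# Drop allowlisted addresses (admin or monitoring hosts) and duplicates.
$candidates = @($candidates | Where-Object { $_ -notin $AllowList } | Sort-Object -Unique)
if ($candidates.Count -eq 0) {
    Write-Output 'No valid addresses to block.'
    return
}

$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    # First run: create a single inbound block rule holding all addresses.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -RemoteAddress $candidates | Out-Null
    Write-Output "Created rule with $($candidates.Count) address(es)."
    return
}

# Later runs: merge with the addresses already in the rule so earlier blocks are kept.
$existing = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
$merged   = @(($existing + $candidates) | Where-Object { $_ -ne 'Any' } | Sort-Object -Unique)
Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $merged
Write-Output "Rule now blocks $($merged.Count) address(es)."
```

Keeping all addresses in one rule makes the block list easy to review and to clear by editing or removing that single rule.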

Please contact us if you need help with transforming the data.
