Tag
An attacker is attempting to enumerate valid Splunk usernames by repeatedly submitting failed authentication attempts from a single source, as detected by monitoring the `_audit` index for multiple login failures, which is a precursor to credential-based attacks like password spraying or brute force, potentially leading to unauthorized access and sensitive data exposure.