fortigate action="ssl-login-success" user="guest" A3-01 [PROD] VPN authentication success by guest account soc_prod,a3,vpn_guest, T1078.001 fortigate action="ssl-login-success" previous_country= A3-02 [PROD] VPN success from different country than last login soc_prod,a3,vpn_geo, T1078 fortigate action="ssl-login-success" failed_attempts_before_success= A3-03 [PROD] VPN success after multiple prior failures (brute-force indicator) soc_prod,a3,vpn_bruteforce, T1110.001 fortigate action="ssl-login-fail" failed_accounts= A3-04 [PROD] VPN multiple account failures from single source IP soc_prod,a3,vpn_bruteforce, T1110.003 fortigate action="ssl-login-success" expected_country=TH A3-05 [PROD] VPN authentication success from outside Thailand soc_prod,a3,vpn_geo, T1078