Hello Excuse me osquery can detect SSH violent login Which t

Question

Hello Excuse me osquery can detect SSH violent login Which tables should I use for testing

seph · Answer

I m not sure what this means Can you clarify Are you looking for all logins Failed logins

alessandrogario · Answer

brute force detection maybe

demonbhao · Answer

Yeah brute force detection I learned that osQuery can generate an alarm when I do brute force detection

seph · Answer

What kind of alarms have you seen from osquery I m not sure I m familiar with that features

seph · Answer

I m not sure I ve seen osquery used for this Though it could be used to report on something that is On unix machines fail2ban is a common tool for this Not totally sure how to add osquery to that mix

demonbhao · Answer

Ok I ll look into it again thank