Excuse me, osquery can detect SSH violent login
Which tables should I use for testing?
09/03/2020, 2:09 PM
I'm not sure what this means. Can you clarify? Are you looking for all logins? Failed logins?
09/03/2020, 2:10 PM
brute force detection maybe?
09/04/2020, 1:30 AM
Yeah, brute force detection
I learned that osquery can generate an alarm when I do brute force detection?
09/04/2020, 5:38 PM
What kind of alarms have you seen from osquery? I'm not sure I'm familiar with that feature.
I'm not sure I've seen osquery used for this. Though it could be used to report on something that is. On Unix machines, fail2ban is a common tool for this. Not totally sure how to add osquery to that mix.