Hello
Excuse me, osquery can detect SSH violent login
Which tables should I use for testing?
seph
09/03/2020, 2:09 PM
I'm not sure what this means. Can you clarify? Are you looking for all logins? Failed logins?
alessandrogario
09/03/2020, 2:10 PM
brute force detection maybe?
demonbhao
09/04/2020, 1:30 AM
Yeah, brute force detection
I learned that osquery can generate an alarm when I do brute force detection?
seph
09/04/2020, 5:38 PM
What kind of alarms have you seen from osquery? I’m not sure I’m familiar with that feature.
I’m not sure I’ve seen osquery used for this. Though it could be used to report on something that is. On Unix machines, fail2ban is a common tool for this. Not totally sure how to add osquery to that mix.