#general

demonbhao

09/03/2020, 6:36 AM
Hello. Excuse me, osquery can detect SSH violent login. Which tables should I use for testing?

seph

09/03/2020, 2:09 PM
I'm not sure what this means. Can you clarify? Are you looking for all logins? Failed logins?

alessandrogario

09/03/2020, 2:10 PM
brute force detection maybe?

demonbhao

09/04/2020, 1:30 AM
Yeah, brute force detection. I learned that osquery can generate an alarm when I do brute force detection?

seph

09/04/2020, 5:38 PM
What kind of alarms have you seen from osquery? I’m not sure I’m familiar with that feature.
5:39 PM
I’m not sure I’ve seen osquery used for this. Though it could be used to report on something that is. On Unix machines, fail2ban is a common tool for this. Not totally sure how to add osquery to that mix.

demonbhao

09/07/2020, 2:35 AM
OK, I'll look into it again, thanks.